Firewall
Original Message
Name: Ken
Date: March 27, 2002 at 20:10:14 Pacific
Subject: Firewall
Comment: Hi. We are going to install a firewall and I have a couple of questions. The firewall has a DMZ port, which I assume the proxy and webserver are connected to. But you can also connect the webserver inside the LAN and use NAT and set rules to access it. Then what is the point of the DMZ? Is it because IIS has bugs, and if someone exploits such a bug they can use the webserver to access our internal network, whereas if it was on the DMZ port they can't? Also, do I set rules for the DMZ for the proxy and webserver, or just leave it open? Ken
Response Number 2
Name: mark
Date: April 15, 2002 at 15:39:32 Pacific
Reply: All the DMZ is, is another interface (network port) on the device to route traffic between two networks. A common usage for this is to segregate the publicly accessible servers from the LAN. Your initial assumption is kind of correct. In essence, if your webserver - or whatever - is compromised in any way, the traffic HAS to route through the firewall to get to the LAN. As this is the case, you can enforce rules on the firewall to allow and disallow (more importantly) traffic from these machines onto your LAN, making it more secure! If they are not on the DMZ and are positioned on the LAN, all traffic can be made local & does not have to route through the firewall, et voilà! Instant breach of security.
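
The routing point made in the reply above can be modelled in a few lines. This is an added example, not part of the original posts or any firewall vendor's code; the addressing plan, rule table and function names are all constructed assumptions. It shows that a web server in the DMZ is subject to the firewall's rules when it tries to reach the LAN, while the same server placed on the LAN reaches its neighbours without the firewall ever seeing the traffic.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
ZONES = {
    "wan": ipaddress.ip_network("0.0.0.0/0"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/24"),
}

# First-match firewall rules: (source zone, destination zone, port, action).
# A port of None matches any port. Anything unmatched is dropped.
RULES = [
    ("wan", "dmz", 80, "allow"),    # the public may reach the web server
    ("lan", "dmz", 80, "allow"),    # staff may browse it too
    ("lan", "wan", None, "allow"),  # outbound traffic from the LAN
    ("dmz", "lan", None, "deny"),   # explicit: DMZ hosts may not open sessions to the LAN
]

FILE_SERVER = "10.0.0.20"  # constructed LAN host


def zone_of(ip):
    """Return the most specific zone containing ip (wan is the catch-all)."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in ZONES.items() if addr in net]
    return max(hits)[1]


def decide(src, dst, port):
    """Return 'local-unfiltered', 'allow' or 'deny' for one new connection."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "wan":
        # Same subnet: hosts talk directly over the switch, so the
        # firewall never sees the packet and cannot filter it.
        return "local-unfiltered"
    for r_src, r_dst, r_port, action in RULES:
        if (r_src, r_dst) == (s, d) and r_port in (None, port):
            return action
    return "deny"  # default deny


def lateral_move(web_server_ip):
    """A compromised web server tries SMB (port 445) to the LAN file server."""
    return decide(web_server_ip, FILE_SERVER, 445)


if __name__ == "__main__":
    print("internet -> DMZ web :80 ", decide("203.0.113.7", "192.168.50.10", 80))
    print("web in DMZ -> LAN :445  ", lateral_move("192.168.50.10"))
    print("web on LAN -> LAN :445  ", lateral_move("10.0.0.10"))
```
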