Questions tagged [dmz]

In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

204 questions
5 votes, 1 answer

Should I dual home our webservers (DMZ/Internal network) or just do 1-to-1 NAT?

I'm setting up a rack of servers which will have 2 webservers and 10 internal servers that provide back end application support (migrating from an AWS environment). We'll have virtual machine instances running on the boxes. In most enterprise…
davidparks21
5 votes, 1 answer

Where to put OpenVPN server - DMZ or LAN?

We have a Smoothwall firewall with both a "green" network (LAN) and an "orange" network (DMZ), and we would like to use OpenVPN access server as our VPN server. The question is: Should the VPN server go in the LAN or the DMZ? And, if in the DMZ,…
Andrew Bate
5 votes, 1 answer

Backing up a server on the DMZ

We have a somewhat-static web app with a large amount of media files that runs on a 2008 R2, non-domain server on the DMZ. I need to back up the media files on the server. The current backup mechanism for servers on the trusted network are…
Josh Brower
4 votes, 4 answers

Best Method to test Opened Ports

We have a requirement wherein we have to test 500+ port opening rules. So we require suggestions on the points below. Which is the best tool to test the connectivity of the ports. Telnet will be sufficient If there is no application is listening to a port…
Ajo Mathew
4 votes, 2 answers

How to configure totally open DMZ with OpenWRT?

I have an OpenWRT router. I have a NAS in my LAN, which I need to access from WAN and from all computers in the LAN. So, it should be accessible from any computer and it needs to access some of them, too. I read OpenWRT wiki and forums, and they…
Slavik
4 votes, 1 answer

How to place a virtual machine in DMZ?

I have an Ubuntu 12.04 server running a few virtual machines with KVM. I would like to expose some of these virtual machines on the internet, to make it possible for customers to test the products we're developing and make available other products for…
Giordano
4 votes, 1 answer

DMZ Setup with two firewalls - Traffic from DMZ to LAN and LAN to DMZ

I am setting up a network with machines that need to be accessible from the internet. I'm planning on putting these in a DMZ. Some of the machines in the DMZ need access to machines on the private network and machines on the private network need…
joeizy
4 votes, 7 answers

Should databases containing customer information go in a DMZ?

We're deploying a simple newsletter webapp on a stand-alone LAMP platform in the company DMZ. There is some discussion as to whether the MySQL server should be removed from the DMZ and put in the internal network. The server is behind a firewall…
paul
3 votes, 0 answers

(HTTP) Traffic from DMZ to internal LAN using reverse proxy

I see a lot of threads on this topic, but I'm still confused, so apologies if this is "obvious" (I'm not a network engineer). Currently we have a two-zone DMZ/LAN setup. No traffic is allowed from DMZ to LAN but is allowed from the LAN to the DMZ. I…
Dynde
3 votes, 0 answers

Kubernetes - Best Practices for Physical Network Segmentation

Based on the following design constraint, does anyone have any best practices or recommendations regarding how to deploy Kubernetes across multiple network zones? What is the most common and accepted method to this approach? For example if I have a…
3 votes, 1 answer

Will you allow NetBIOS into your DMZ?

Is it secure for a firewall to allow NetBIOS connections from the internal network to the DMZ? If not secure, what are the risks? If secure, what is the FUD about and what are the counterarguments?
3 votes, 1 answer

How to mimic "DMZ Host" or "Default Host" NAT functionality with iptables?

My previous DSL modem had a function called "DMZ Host" (which in other platforms seems to be named Default Host). When you select a computer in your network to be the DMZ Host, it forwards every non-manually forwarded port to that computer as well…
3 votes, 3 answers

Allow internal DNS to be queried from the DMZ?

We have a mail gateway running in a DMZ, which is a relay for our internal mail server holding all the mail. We have come across the need to use DNS from the DMZ to resolve names of internal services (such as the internal mail server, etc.). Should…
David
3 votes, 1 answer

Active Directory member servers in the DMZ

I want to be specific about terms. When I say DMZ I'm talking about a place where you would put servers that expose a service to untrusted networks like the Internet, or in some cases merely networks that are less trusted. I am attempting to shore…
Cignul9
3 votes, 0 answers

Allowing LDAP authentication from DMZ to Active Directory. Is my idea secure?

I have an internet-facing application server that I want to use AD authentication. This is my first time doing this for a non-MS application or without some sort of proxy. I already have an idea in my mind as to how to perform this. I wanted to make…
Sarge