Questions tagged [dmz]

In computer security, a DMZ, or demilitarized zone, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. The term is normally referred to as a DMZ by information technology professionals. It is sometimes referred to as a perimeter network.

The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network.

204 questions
3 votes, 1 answer

VLAN security compared to DMZ

I found this question very illuminating about DMZs and when to place a server in one. We're re-organizing our internal company network (keeping the same external IPs and domains), our mainly Windows servers (we use WinAD heavily) will be kept on the…
SteB
3 votes, 1 answer

How can I tell if a host is bridged and acting as a router

I would like to scan my DMZ for hosts that are bridged between subnets and have routing enabled. Since I have everything from VMWare servers, to load balancers on the DMZ I'm unsure if every host is configured correctly. What IP, ICMP, or SNMP…
makerofthings7
3 votes, 1 answer

Best practices for LDAP and DMZ

We are in the process of setting up a DMZ and I have stumbled into the question of how to handle machines that need to have ports exposed to the internet, but at the same time be able to make LDAP requests to our internal environment. We have a few…
user135409
3 votes, 3 answers

Active Directory Domain Controllers in a DMZ

I am looking to deploy 2 additional Windows Server 2003 domain controllers into a separate confidential DMZ alongside 6 DCs that are installed in the regular network, making a total of 8 DCs. The 2 confidential DCs will communicate with the regular…
TheMoo
3 votes, 3 answers

How to collect logs with syslog-ng from www servers in dmz and send them to server behind firewall(NAT). Can Zabbix proxy solve this?

I have several www servers in DMZ. My monitoring and log gathering server lies in my LAN. There is no communication like WWW server in DMZ ----> monitor server in LAN. I can connect DMZ from my LAN LAN --via proxy--> WWW server in DMZ. I'm going…
B14D3
3 votes, 3 answers

Cisco ASA 5505 DMZ Setup Issue

I have an ASA 5505 running v8.4. I have one static IP that my ISP gives me and I need to use that for my INSIDE network as well as my DMZ. This becomes a PAT issue as I need some ports to terminate in the DMZ, and some to terminate in the INSIDE…
Gunnar
2 votes, 1 answer

AWS: Reverse Proxy to access private instance

I am looking for a best practice to set up a reverse proxy providing access to a private instance (for example a web server). I thought it would be possible to do this: create a VPC with one private subnet launch the reverse proxy instance, give it…
valh
2 votes, 1 answer

Mikrotik, block internet for specific ip but allow traffic for dmz or private network

I have Mikrotik RBcAP2n with one LAN and one WLAN. WLAN WiFi is for clients and LAN is for ADSL. Between MKRB and ADSL I have one server on the same network as MKRB and ADSL. The server has an Apache web site and the server acts as my…
Pajsije
2 votes, 1 answer

Run Service Control (sc.exe) command on secure port

Our team runs the following commands to turn on and off Windows Services (e.g. JBoss Native) from the Windows command line as well as through source code in a program. It connects to a remote box. We are now placing this box (\DEV-A1) into our…
JustBeingHelpful
2 votes, 3 answers

WinRM Publicly Available

I am looking for specific feedback on WinRM. There are ::still:: debates out there about whether or not making RDP publicly available without a VPN is a good idea--There are no debates on whether or not making SSH publicly available is a good idea,…
Josh Brower
2 votes, 1 answer

Allowing Internet traffic into DMZ using Azure Network Security Group

I am trying to create a simple DMZ using Azure Network Security Groups, using a Barracuda WAF as the public entrypoint into the DMZ, however I am having some trouble allowing internet traffic to access the Barracuda (and then be forwarded on to my…
Aidos
2 votes, 1 answer

The best approach to access server in DMZ (outside domain) from LAN via command line (MS Windows)

I have two servers: SVR1 (Windows Server 2008) in LAN - part of domain SVR2 (Windows Server 2008) in DMZ - workgroup I need to access SVR2 from SVR1 via command line batch - copy some files and execute sc command to manage services on SVR2. This…
2 votes, 4 answers

If you need to open ports from DMZ to LAN, at what point is the separation no longer worth it?

If you have a DMZ with one or more servers/services (maybe FTP, HTTP and SMTP). And you have a LAN with typical servers/services (like file sharing, Active Directory, database server). Depending on the integration of services and resources, the…
2 votes, 1 answer

Web server with access to internet and internet Active Directory

This might sound like a stupid and unsecure question, but we're front-end web developers and don't know that much about these things. So here goes.. We're creating a web app where we want to log in using credentials from Active Directory. Only read…
user216357
2 votes, 1 answer

Managing ServerCore 2008 R2 in DMZ

I am looking to replace our DMZ servers with Server Core editions but am struggling with remote management. The computers in the DMZ are in a workgroup while the client I am connecting from is on our domain. Whenever I load an MMC or Server…
user35213