SprattMaxfield876

Source: くみこみックス

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. While there are numerous steps you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you need these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally, all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ, then you should acquire a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated entirely separately from traffic between your DMZ and the internet. Incoming traffic from the internet would be routed directly to your DMZ.

Therefore, if any hacker were to compromise a machine inside the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise inside the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as Terminal Services or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network, called the secure zone, and to place the database server there.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if necessary).

Exceptions to the rule

The dilemma faced by network engineers is where to place the e-mail server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an e-mail server is on the LAN, allowing SMTP traffic into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. (LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.)
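
The zone rules described above (DMZ, secure zone, and the mail server exception) can be written as a default-deny forwarding policy on the firewall. The following nftables ruleset is an added example, not part of the original article; the interface names, addresses, database port and permitted outbound ports are assumptions, and NAT and the firewall's own input rules (including VPN termination) are left out.

```nftables
flush ruleset

# Assumed interface names and addresses; adjust to the real network.
define IF_WAN   = "eth0"       # internet
define IF_LAN   = "eth1"       # internal LAN
define IF_DMZ   = "eth2"       # web and FTP servers
define IF_SEC   = "eth3"       # secure zone (database server)
define MAIL_LAN = 10.0.10.25   # e-mail server, kept on the LAN
define DB_SEC   = 10.0.30.10   # database server
define DB_PORT  = 5432         # assumed database port

table inet zones {
    # FTP opens separate data connections; the helper lets conntrack
    # mark them "related" so no wide port range has to be opened.
    ct helper ftp-std {
        type "ftp" protocol tcp
    }
    chain pre {
        type filter hook prerouting priority filter; policy accept;
        tcp dport 21 ct helper set "ftp-std"
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: web and FTP only
        iifname $IF_WAN oifname $IF_DMZ tcp dport { 21, 80, 443 } accept
        # Internet -> LAN: SMTP to the mail server only, no HTTP
        iifname $IF_WAN oifname $IF_LAN ip daddr $MAIL_LAN tcp dport 25 accept
        # LAN -> DMZ: FTP plus remote management (Terminal Services, VNC)
        iifname $IF_LAN oifname $IF_DMZ tcp dport { 21, 3389, 5900 } accept
        # DMZ -> secure zone: the database connection and nothing else
        iifname $IF_DMZ oifname $IF_SEC ip daddr $DB_SEC tcp dport $DB_PORT accept
        # LAN -> internet: restricted outbound (assumed port list)
        iifname $IF_LAN oifname $IF_WAN ip saddr $MAIL_LAN tcp dport 25 accept
        iifname $IF_LAN oifname $IF_WAN tcp dport { 80, 443 } accept

        # Everything else, including DMZ -> LAN and secure zone -> anywhere,
        # is logged and then falls through to the drop policy.
        counter log prefix "zone-drop "
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading the rules.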