Dump Your DMZ!
Source: Redmond Mag - Posted by Benjamin D. Thomas   
Network Security DMZs (short for demilitarized zones) have been a standard component of network design ever since firewalls were invented. A DMZ is a network segment that contains all resources, such as Web servers and mail servers, accessible from the Internet. Implementing a DMZ allows you to limit network traffic from the Internet to these resources in the DMZ, while preventing any network traffic from the Internet to your internal network. As a general rule, a DMZ server should never contain any valuable data, so even if someone managed to break into a server in the DMZ, the damage would be minor.

Things get more complicated when you need to allow some traffic between the DMZ and other servers. You may have SMTP relay servers in your DMZ that need to communicate with internal mail servers or a Web server that gets its data from an internal database server. Unfortunately, implementing a DMZ-based solution that allows for such communications often leads to an inefficient or ineffective DMZ.

Read this full article at Redmond Mag

Only registered users can write comments.
Please login or register.

Powered by AkoComment!