RaceMeeker624


Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. Whilst there are a number of steps you can take to secure your LAN, the only real solution is to close your LAN to incoming traffic and restrict outgoing traffic.

However, some services such as web or FTP servers require incoming connections. If you require these services, you will need to consider whether it is essential that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, to give it its proper name). Ideally all servers in the DMZ will be stand-alone servers, with unique logons and passwords for each server. If you require a backup server for machines within the DMZ, then you must acquire a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ will come directly off the firewall, which means that there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN would be treated totally separately from traffic between your DMZ and the internet. Incoming traffic from the internet would be routed directly to your DMZ.

Therefore, if any hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. It would also be the case that any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

In order for the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In the majority of cases, the only traffic required between the LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some sort of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, then you will need to consider where to place your database. The most secure place to locate a database server is to create yet another physically separate network called the secure zone, and to place the database server there.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone would be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the e-mail server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, the domain traffic would compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an e-mail server is on the LAN, allowing SMTP traffic into this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution (with the firewall handling the VPN connections; LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing).
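
The zone model described in the sections above can be checked mechanically against a firewall's permit rules. The following is an added example, not part of the original article: the zone names, the `source dest port` rule format, the port numbers and the choice that LAN/DMZ sessions are opened from the LAN side are all assumptions made for illustration.

```python
# Flows the zone model permits; a default-deny firewall drops the rest.
# Ports are assumed defaults; LAN/DMZ sessions are assumed LAN-initiated.
ALLOWED = {
    ("internet", "dmz"): {21, 80, 443},   # FTP and web servers
    ("lan", "dmz"): {21, 3389, 5900},     # FTP, terminal services, VNC
    ("dmz", "secure"): {5432},            # database connection
    ("lan", "secure"): {5432},            # database, if needed
    ("internet", "lan"): {25},            # SMTP to the mail server
}

def parse_rule(line):
    """Parse 'src dst port'; port is N, N-M or 'any'."""
    src, dst, port = line.split()
    if port == "any":
        lo, hi = 1, 65535
    elif "-" in port:
        lo, hi = (int(p) for p in port.split("-"))
    else:
        lo = hi = int(port)
    return src, dst, lo, hi

def audit(rules):
    """Return (rule, reason) for each permit rule outside the zone model."""
    findings = []
    for line in rules:
        src, dst, lo, hi = parse_rule(line)
        allowed = ALLOWED.get((src, dst))
        if allowed is None:
            findings.append((line, f"{src} may not open connections to {dst}"))
        elif (extra := sum(1 for p in range(lo, hi + 1) if p not in allowed)):
            findings.append((line, f"{extra} port(s) beyond the model"))
    return findings

# Constructed sample: permit rules as 'source-zone dest-zone port'.
SAMPLE_RULES = [
    "internet dmz 443",
    "lan dmz 21",
    "dmz secure 5432",
    "internet lan 25",
    "internet lan 443",      # HTTP(S) access to the mail server on the LAN
    "dmz lan any",           # makes the DMZ an extension of the LAN
    "internet secure 5432",  # database reachable from the internet
    "lan dmz 1-65535",       # LAN/DMZ traffic not kept to a minimum
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION  {rule:22} {reason}")
```

The model tracks zones only, so a rule such as `internet lan 25` still has to be pinned to the mail server's address on the firewall itself.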