Collaborate Disseminate
Consider that the two cities A and B have offices of a company and both these offices have their own isolated networks. People at site B used to communicate using an application which has its server located inside the same ne… Continue reading Comparing Site to Site VPN with DMZ
I was reading about DMZs in this e-book and found this diagram, Figure 2-23
(use command+F to jump to it)
http://etutorials.org/Networking/Router+firewall+security/Part+I+Security+Overview+and+Firewalls/Chapter+2.+Introduct… Continue reading How does a DMZ handle requests from the internet?
I need help explaining to non security people why I want to require the webserver/presentation layer in a dmz. I’ve given options for a tier two (presentation/logic -> logic/data in zones) architecture and an three tier architecture (presentation -> logic -> data zones).
Their argument is that I should be fine with firewall -> F5 with ASM -> firewall -> Presentation/Logic/data layer all in one zone. Their argument is that this is a two tiered architecture so should count to meet my requirement. I’ve asked them to find me an industry standard document explaining security design this way and have been stonewalled — probably because there are not any.
I’m having difficulty explaining that the first thing a hacker from the internet touches should be dead ended and prevent north-south movement into the next zone. They want it in terms of architectural capabilities.
An ideas on how to explain a two tier application security design architecture in terms of architectural capabilities? Any other ideas would be helpful too.
Continue reading DMZ layer for web server/presentation layer
I have a Windows Server 2008 r2 machine on DMZ. We have a shared folder on there that one day a couple weeks ago was no longer able to be accessed. No changes occurred except for maybe windows updates. I am having an issue… Continue reading DMZ to LAN. SMB Print and File Sharing not working!! PLEASE HELP! [migrated]
I’m planning to set up a local server (Minecraft) accessible by only one other person connecting from a static IP. It’s on a dedicated machine that I can easily wipe (Raspberry Pi).
I’m looking to expose only one port, keep … Continue reading Network isolation for a single device
Russell Smith outlines two new features of Azure Active Directory Connect, Seamless Single Sign-On and Pass-Through Authentication.
The post Azure Active Directory Connect Makes Cloud Single Sign-On Easy appeared first on Petri.
Continue reading Azure Active Directory Connect Makes Cloud Single Sign-On Easy
The system I am working on primarily use Google App Engine for my main web app and Amazon Cloudfront/S3 for hosting static data.
Now as an audit exercise this question is out to me:
Are the internet facing components of… Continue reading Do AWS and GAE use DMZ?
Am trying to run a tor-relay on my raspberry-pi. I have a static IP configured on my pi and enabled the tor service.
But when I tried to do port forwarding for my pi’s static ip on my ORport, it is still not visible from th… Continue reading Port forwarding and DMZ not working
Here is my situation:
I have a typical network setup, with DMZ and internal segment, with a VPN concentrator. Because we have external collaborators, the GIT/SVN servers are in the DMZ. Individual collaborators are given cre… Continue reading Moving GIT/SVN servers to internal network segment while still allowing external collaboration
I have a problem understanding how a DMZ would be implemented. I’ve read two different answers regarding the communication between the DMZ and the internal network. Some people suggest that you can open some connections from … Continue reading How would a DMZ work