AD site requirements when using a DMZ
Site design when using a DMZ
read more Continue reading AD site requirements when using a DMZ
Category Archives: DMZ
Microsoft Shares Interesting Secure Azure Network Design
Microsoft recently shared a detailed design for a secure network deployment in Azure, based on the United Kingdom’s cloud security principles. The focus of Microsoft’s article was on the UK, but we can use this design as a basis for other deployments.
The post Microsoft Shares Interesting Secure Azure Network Design appeared first on Petri.
Continue reading Microsoft Shares Interesting Secure Azure Network Design
Proxy between web server in DMZ and SOAP-service in internal network?
I have a web server which is located in a DMZ, and exposed to the internet.
I also have an application server hosting a SOAP-service in the internal network.
I need to access the SOAP-service from the web server.
I know co… Continue reading Proxy between web server in DMZ and SOAP-service in internal network?
Protecting data within the intranet from internet
i want to build an internet facing website that interact with internal resource such as referential data.
We have a DMZ zone and intranet zone. When users logs in to the website, the http web server in dmz makes a connectio… Continue reading Protecting data within the intranet from internet
By how much does virtualizing a perimeter firewall reduce network security?
I am looking to set up a hardware firewall for my home network. However, I am but a poor lowly student so I’m looking to virtualise to reduce hardware costs.
Now for a diagram to explain what I have in my head (and also because I just like diagrams):
+----------+
| Internet |
+----------+
‖
‖ Server running
‖ Hypervisor
+------O-------------------+ = and ‖ both represent network connections
| ‖ WAN DMZ |
| +---------+ +--------+ | The "O" symbol indicates a physical NIC
| | pfSense |===| Debian | |
| +---------+ +--------+ | pfSense and Debian are both VMs
| ‖ LAN |
+------O-------------------+ The Debian VM will run an Apache server
‖
‖ The Hypervisor ONLY exposes its management
+-----+ interface on the LAN NIC
| LAN |
+-----+
Now clearly having two physically separate machines is preferable to the above from a security standpoint, as the WAN attack surface is reduced. My question is by how much is the attack surface reduced?
I do not have an affinity for any particular hypervisor however given my testing so far the free VMware vSphere Hypervisor is looking to be the best.
Continue reading By how much does virtualizing a perimeter firewall reduce network security?
udp port 1194 forward through from gateway to LAN server through DMZ
my iptables rules don’t seem to work, I do not understand what’s wrong.
could somebody be kind enough to give me a hint ? thanks in advance
iptables -t nat -A PREROUTING -d $INET_IP -p udp –dport 1194 -j DNAT –to $NAS_IP:… Continue reading udp port 1194 forward through from gateway to LAN server through DMZ
Best Practices with Azure ARM Network Security Groups
In this post about Azure network security group best practices, Aidan offers tips for creating, configuring, and associating network security groups (NSGs) in Azure Resource Manager or CSP.
The post Best Practices with Azure ARM Network Security Groups appeared first on Petri.
Continue reading Best Practices with Azure ARM Network Security Groups
Implementing a DMZ for Microsoft Azure Virtual Machines
Aidan Finn provides step-by-step instructions for deploying a DMZ in Microsoft Azure using Azure virtual networks.
The post Implementing a DMZ for Microsoft Azure Virtual Machines appeared first on Petri.
Continue reading Implementing a DMZ for Microsoft Azure Virtual Machines
Non-Sensitive/Non-Critical Database and Web server protections?
I have an unrestricted DMZ that is currently set up with a non-critical/non-sensitive web server and database server inside. The database server gets interfaces from two critical systems but does not store any critical inform… Continue reading Non-Sensitive/Non-Critical Database and Web server protections?