Index.php

From Pokelibrary

Revision as of 21:32, 2 February 2013 by 113.212.68.80 (Talk)

Web and FTP Servers

Every network that has an internet connection is at risk of being compromised. Although there are numerous steps you can take to secure your LAN, the only real answer is to close your LAN to incoming traffic and restrict outgoing traffic.

However, some services, such as web or FTP servers, require incoming connections. If you require these services, you will have to consider whether it is necessary that these servers are part of the LAN, or whether they can be placed in a physically separate network known as a DMZ (or demilitarised zone, if you prefer its proper name). Ideally all servers in the DMZ will be stand-alone servers, with unique logons and accounts for each server. If you require a backup server for machines within the DMZ, you should acquire a dedicated machine and keep the backup solution separate from the LAN backup solution.

The DMZ should connect directly to the firewall, which means there are two routes in and out of the DMZ: traffic to and from the internet, and traffic to and from the LAN. Traffic between the DMZ and your LAN is treated completely separately from traffic between your DMZ and the internet. Incoming traffic from the internet can be routed directly to your DMZ.

Therefore, if a hacker were to compromise a machine within the DMZ, the only network they would have access to would be the DMZ. The hacker would have little or no access to the LAN. Likewise, any virus infection or other security compromise within the LAN would not be able to migrate to the DMZ.

For the DMZ to be effective, you will have to keep the traffic between the LAN and the DMZ to a minimum. In many cases, the only traffic required between your LAN and the DMZ is FTP. If you do not have physical access to the servers, you will also need some kind of remote management protocol such as terminal services or VNC.

Database servers

If your web servers require access to a database server, you will need to consider where to place your database. The most secure place to locate a database server is in yet another physically separate network, called the secure zone.

The secure zone is also a physically separate network connected directly to the firewall. The secure zone is by definition the most secure place on the network. The only access to or from the secure zone will be the database connection from the DMZ (and LAN if required).

Exceptions to the rule

The dilemma faced by network engineers is where to put the email server. It requires an SMTP connection to the internet, yet it also requires domain access from the LAN. If you were to place this server in the DMZ, that domain traffic could compromise the integrity of the DMZ, making it simply an extension of the LAN. Therefore, in our opinion, the only place you can put an email server is on the LAN, allowing SMTP traffic in to this server. However, we would recommend against allowing any form of HTTP access into this server. If your users require access to their mail from outside the network, it would be far more secure to look at some form of VPN solution, with the firewall handling the VPN connections. LAN-based VPN servers allow the VPN traffic onto the network before it is authenticated, which is never a good thing.
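The zone layout described on this page, written as an nftables forward-chain policy on the firewall. This is an added example, not part of the original article; the interface names, addresses, service ports and the admin workstation are assumptions, and NAT and the conntrack FTP helper needed for FTP data channels are left out.

```nft
#!/usr/sbin/nft -f
# Constructed example: every name, address and port below is an assumption.
flush ruleset

define IF_WAN = "eth0"        # internet
define IF_LAN = "eth1"        # internal LAN
define IF_DMZ = "eth2"        # web and FTP servers
define IF_SEC = "eth3"        # secure zone (database server)

define DMZ_WEB   = 10.0.2.10  # web server in the DMZ
define DMZ_FTP   = 10.0.2.20  # FTP server in the DMZ
define DB_HOST   = 10.0.3.10  # database server in the secure zone
define MAIL_HOST = 10.0.1.25  # email server on the LAN
define ADMIN_PC  = 10.0.1.50  # hypothetical admin workstation on the LAN

table inet zones {
    chain forward {
        # Default deny: a flow must be listed below to cross zones.
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services.
        iifname $IF_WAN oifname $IF_DMZ ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
        iifname $IF_WAN oifname $IF_DMZ ip daddr $DMZ_FTP tcp dport 21 accept

        # LAN -> DMZ: FTP for content, remote management (RDP, VNC) from one host.
        iifname $IF_LAN oifname $IF_DMZ tcp dport 21 accept
        iifname $IF_LAN oifname $IF_DMZ ip saddr $ADMIN_PC tcp dport { 3389, 5900 } accept

        # DMZ -> secure zone: the database connection only (3306 assumed).
        iifname $IF_DMZ oifname $IF_SEC ip saddr $DMZ_WEB ip daddr $DB_HOST tcp dport 3306 accept

        # Internet -> LAN: SMTP to the email server, and no HTTP to it.
        iifname $IF_WAN oifname $IF_LAN ip daddr $MAIL_HOST tcp dport 25 accept

        # LAN -> internet: restricted outbound (the allowed set is site-specific).
        iifname $IF_LAN oifname $IF_WAN ip saddr $MAIL_HOST tcp dport 25 accept
        iifname $IF_LAN oifname $IF_WAN tcp dport { 80, 443 } accept

        # DMZ -> LAN and secure zone -> anywhere have no rule, so a compromised
        # DMZ host cannot open connections into the LAN. Log what gets dropped.
        counter log prefix "zone-drop "
    }
}
```

The absence of any DMZ-to-LAN accept rule is the point of the design: entries with the "zone-drop" prefix whose source is a DMZ address indicate either a misconfigured server or a compromised one.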
