Benefits - D-Link DFL-1600 User Manual

Network security firewall
Approach 2 – Move the Database Server out to the DMZ network.
Although all the publicly accessible data is now on the DMZ network, the protection of the Database Server is weakened. If a hacker takes control of the Web Server, he or she can go straight into the Database.

Approach 3 – Split DMZ into different zones.
The best approach for this scenario is to divide the DMZ net into different subnetworks according to the different services and security levels of the components. We put the Database Server and the Web Server on separate interfaces of the firewall, and configure access rules for each interface. If the hacker gets control of the Web Server, he or she still has very limited access to the Database Server.
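
The difference between Approach 2 and Approach 3 can be checked by listing which Database Server services a compromised Web Server could reach under each layout. The following Python model is an added example, not part of the D-Link manual and not DFL configuration syntax; the interface names, addresses, listening services and SQL port 3306 are assumptions made for illustration.

```python
# Added example: a first-match rule model, not D-Link configuration syntax.
# Interface names, addresses and ports below are constructed assumptions.
from ipaddress import ip_address, ip_network

# (src_if, src_net, dst_if, dst_net, proto, port, action); port None = any port
SPLIT_DMZ_RULES = [
    ("wan", "0.0.0.0/0", "dmz_web", "192.0.2.10/32", "tcp", 80, "allow"),
    ("wan", "0.0.0.0/0", "dmz_web", "192.0.2.10/32", "tcp", 443, "allow"),
    # The only path from the Web Server zone into the Database Server zone.
    ("dmz_web", "192.0.2.10/32", "dmz_db", "198.51.100.10/32", "tcp", 3306, "allow"),
    ("any", "0.0.0.0/0", "any", "0.0.0.0/0", "any", None, "drop"),
]

WEB = ("dmz_web", "192.0.2.10")
DB = ("dmz_db", "198.51.100.10")
# Constructed list of services listening on the Database Server.
DB_SERVICES = {("tcp", 22), ("tcp", 3306), ("udp", 161)}


def decide(rules, src_if, src_ip, dst_if, dst_ip, proto, port):
    """Return the action of the first matching rule (default: drop)."""
    for r_sif, r_snet, r_dif, r_dnet, r_proto, r_port, action in rules:
        if (r_sif in ("any", src_if) and r_dif in ("any", dst_if)
                and ip_address(src_ip) in ip_network(r_snet)
                and ip_address(dst_ip) in ip_network(r_dnet)
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "drop"


def exposure(rules, same_segment, src, dst, services):
    """List the services on dst that src can reach.

    Hosts on one shared segment talk directly, so the firewall rules are
    never consulted and every listening service is reachable.
    """
    if same_segment:
        return sorted(services)
    return sorted(s for s in services
                  if decide(rules, *src, *dst, *s) == "allow")


if __name__ == "__main__":
    print("Approach 2:", exposure(SPLIT_DMZ_RULES, True, WEB, DB, DB_SERVICES))
    print("Approach 3:", exposure(SPLIT_DMZ_RULES, False, WEB, DB, DB_SERVICES))
```

With both servers on one DMZ segment, every listening service on the Database Server is exposed to the Web Server; with separate interfaces, only the single permitted SQL port remains.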

16.1.3 Benefits

As illustrated in the previous section, making good use of a DMZ network provides several advantages from both the network security and the management perspectives:

- Splitting services up not only by hosts, but also by networks, limits the level of trust among network components. This approach can greatly reduce the likelihood of a penetration of one component being used to break into the others.
- Dividing the DMZ into different zones helps to restrict security policies to components that have different functions and levels of security.
- The scalability of the network architecture is increased by placing components on different subnetworks.

D-Link Firewalls User's Guide
Chapter 16. DMZ & Port Forwarding
