Actually, the reason you use a DMZ is because if a vulnerability is found in you web server and you box gets taken over, the hacker doesn't have access to your entire LAN, only stuff that is sitting in your DMZ (DeMilitarised Zone). You still firewall your DMZ, and usually have a 2nd firewall between your DMZ and your LAN. Phoenix Dustin Oprea wrote:
The web server will then receive everything that isn't assigned to port-forward. This includes worms and such that prey on the weaknesses of whatever machine they can reach, including the hapless MSIE-enabled Windows machine that the DMZ entry might point to. This just seems unnecessary considering your typical webserver usually requires just one port coming in.If you absolutely, positively need a DMZ host, it's because you ran out of slots for port-forwarding on your router, and just need enough things on one machine that you just set the entire thing as a DMZ. If you need a DMZ and you can help it, use a Linux box.Dustin Michael Louie Loria wrote:Hello, What is the difference if I place the web server in DMZ or behind the router via Port forward? What are the security, performance ... issues between the 2? Thanks, Michael Louie Loria LoRz Technology Solutions http://www.lorztech.com--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|