Actually, the reason you use a DMZ is because if a vulnerability is
found in you web server and you box gets taken over, the hacker doesn't
have access to your entire LAN, only stuff that is sitting in your DMZ
(DeMilitarised Zone). You still firewall your DMZ, and usually have a
2nd firewall between your DMZ and your LAN.
Phoenix
Dustin Oprea wrote:
The web server will then receive everything that isn't assigned to
port-forward. This includes worms and such that prey on the weaknesses
of whatever machine they can reach, including the hapless MSIE-enabled
Windows machine that the DMZ entry might point to. This just seems
unnecessary considering your typical webserver usually requires just one
port coming in.
If you absolutely, positively need a DMZ host, it's because you ran out
of slots for port-forwarding on your router, and just need enough things
on one machine that you just set the entire thing as a DMZ. If you need
a DMZ and you can help it, use a Linux box.
Dustin
Michael Louie Loria wrote:
Hello,
What is the difference if I place the web server in DMZ or behind the
router via Port forward?
What are the security, performance ... issues between the 2?
Thanks,
Michael Louie Loria
LoRz Technology Solutions
http://www.lorztech.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
