Do you need this or any other assignment done for you from scratch?
We have qualified writers to help you.
We assure you a quality paper that is 100% free from plagiarism and AI.
You can choose either format of your choice ( Apa, Mla, Havard, Chicago, or any other)
NB: We do not resell your papers. Upon ordering, we do an original paper exclusively for you.
NB: All your data is kept safe from the public.
Connecting internal corporate services to the internet is a challenge because exposing these servers to external environments poses a massive risk in terms of security. Demilitarized zones (DMZ) act as a borderline between a corporate network and the internet and protect internal resources from being reached from outside (Cybersecurity and Infrastructure Security Agency, 2016). However, there are times when it is required that an organization places servers with sensitive data in DMZ.
For instance, an identity server could be set in the borderline to authenticate and authorize users so they can access corporate resources from external networks (Pal, 2018). While it facilitates user authentication, there are security implications of this solution because user passwords and accounts need to be protected while advising employees a convenient way to authenticate.
A simple way of ensuring the integrity of the inner network when putting identity services in DMZ is having two separate databases with user accounts. The server in DMZ will have its own copy, and thus, will not need to connect to internal directory systems to retrieve user data (Pal, 2018). However, there are operational costs associated with this approach because manual work needs to be done to ensure the consistency of databases. Replicating directory services to be used by servers in DMZ is another method, but it may require separate licenses for those replicas (Pal, 2018).
The cost and performance-effective approach would be to place authentication servers behind DMZ because no replicas or database copies would be necessary. However, exposing additional ports to external networks increases the likelihood of security breaches. An alternative way of reaching the same goal is to use Virtual Private Networks (VPN). Instead of putting an authentication server in DMZ and working to secure database copies and directory replicas, a VPN server may be used as a single point of entry for employees.
References
Cybersecurity and Infrastructure Security Agency. (2016). Control systems cyber security defense in depth strategies. Web.
Pal, D. (2018). Identity management for systems in a DMZ. Red Hat. Web.
Do you need this or any other assignment done for you from scratch?
We have qualified writers to help you.
We assure you a quality paper that is 100% free from plagiarism and AI.
You can choose either format of your choice ( Apa, Mla, Havard, Chicago, or any other)
NB: We do not resell your papers. Upon ordering, we do an original paper exclusively for you.
NB: All your data is kept safe from the public.