Question

(Authentication) server inside DMZ

Sep 21, 2018 6:56AM PDT

Hello,

I am currently working on a school assignment that involves creating a network for a fictional customer. One function they require is that third parties need to be able to connect to the company's file-server. For security reasons, I don't want to put the file-server inside my DMZ. I've heard that I can set up an authentication server inside my DMZ that authorizes the third parties to access files within the closed-off portion of the LAN. Can anybody tell me how to execute this? I can't seem to find much information on this topic. Probably not searching in the right areas.

Thanks in advance!

Answer
I'm going to dismiss this is homework.
Sep 21, 2018 8:33AM PDT

And write that such a file server is usually just set up and authenticates locally. It can be Linux or Windows Server. Setting it up as you noted would be onerous and rarely done except as an exercise.

.
Sep 21, 2018 12:44PM PDT

Thank you for the fast response!

It is actually not mandatory for my project. It is just a little extra to make the network more secure, so please don't see this as cheating!

I have the file-server behind my DMZ. The idea was to have a RADIUS server to retrieve the requested files from the file-server behind the secured router. My teacher told me this is how it should work. Maybe it sounds really weird?

Not weird.
Sep 21, 2018 1:28PM PDT

Just rarely if ever done due to complexity with little gain and maybe even a negative move about security. That is, more secure may actually be less secure.

Answer
Well, at my work we use Microsoft's Active Directory
Sep 24, 2018 6:35AM PDT

to authenticate and log in to our network. Proper access is needed on each server to log in to that server, or we have accounts that are local to the server that have admin rights. We have at times put servers in our DMZ to access outside our firewall, but we don't do that anymore. So our servers are all inside our firewall and protected from the outside world. Now we have cloud apps that are accessible using a tool that allows single sign-on access (Okta) to both cloud apps and apps on our internal servers.