Question

(Authentication) server inside DMZ

Sep 21, 2018 6:56AM PDT

Hello,

I am currently working on a school assignment that involves creating a network for a fictional customer. One function they require is that third party's need to be able to connect to the company's file-server. For security reasons, I don't want to put the file-server inside my DMZ. I've heard that I can set up an authentication server inside my DMZ that authorizes the third party's to access files within the closed of portion of the LAN. Can anybody tell me how to execute this? I can't seem to find much information on this topic. Probably not searching in the right area's

Thanks in advance!

Discussion is locked

Follow
Reply to: (Authentication) server inside DMZ
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: (Authentication) server inside DMZ
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
I'm going to dismiss this is homework.
Sep 21, 2018 8:33AM PDT

And write that such a file server is usually just setup and authenticates locally. It can be Linux or Windows Server. Setting it up as you noted would be onerous and rarely done except as an exercise.

- Collapse -
.
Sep 21, 2018 12:44PM PDT

Thank you for the fast response!

It is actually not mandatory for my project. It is just a little extra to make the network more secure, so please don't see this as cheating! Happy.

I have the file-server in behind my DMZ. The idea was to have a RADIUS server to retrieve the requested files from the file-server behind the secured router. My teacher told me this is how it should work. Maybe it sounds really weird?

- Collapse -
Not weird.
Sep 21, 2018 1:28PM PDT

Just rarely if ever done due to complexity with little gain and maybe even a negative move about security. That is, more secure may actually be less secure.

- Collapse -
Answer
Well my work we use Microsoft's active directory
Sep 24, 2018 6:35AM PDT

to authenicate and login to our network. Proper access is needed on each server to login to that server or we have accounts that are local to the server that have admin rights. We have at time put servers in our DMZ to access outside our firewall but we don't do that anymore. So our servers are all inside our firewall and protected from the outside world. Now we have cloud app that are accessible using a tool that allows single sign on access (Okta) to both cloud apps and app on our internal servers.

CNET Forums

Forum Info