“This is a case study of a medium-sized computer hardware online
retailer that understands the value of network and host security,
since its business depends upon reliable and secure online
transactions. Its internal network and DMZ setup was designed with
security in mind, verified by outside experts, protected by latest
in security technology and monitored using advanced audit trail
aggregation tools. Following the philosophy of defense-in depth,
two different firewalls and two different intrusion detection
systems were used. The DMZ setup was of the bastion network type
with one firewall separating the DMZ from the hostile Internet and
another protecting internal networks from DMZ and Internet attacks.
Two network IDS were sniffing the DMZ traffic. In the DMZ the
company has gathered the standard set of network servers (all
running some version of UNIX or Linux): web, email, DNS servers and
also a dedicated FTP server, used to distribute hardware drivers
for the company inventory. The FTP server, running Red Hat 7.2, is
the subject of this account. This server was the latest addition to
the company network.“Let’s shed some more light on the DMZ setup, since it provides
an explanation why the attack went the way it did. Outside firewall
(Firewall 1 on the picture) provided NAT services and only allowed
access to a single port on each of the DMZ hosts. Evidently, those
were TCP port 80 on web server, TCP port 25 on the mail server, TCP
and UDP ports 52 on DNS server and TCP ports 21 and 20 on the ftp
server. No connections to outside machines were allowed from any
DMZ machine. Internal firewall blocked all connections from the DMZ
to internal LAN (no exceptions) and allowed connections that
originated from the internal LAN to DMZ machines (only specified
ports for management and configuration). The second firewall
(Firewall 2 on the diagram) also worked as application-level proxy
for web and other traffic (no direct connections to the Internet
from internal LAN were allowed). In addition, each DMZ machine was
hardened and ran a host-based firewall, only allowing connections
on a single specified port (two for the FTP) as mentioned above
from outside and NOT from other DMZ machines. While it is unwise to
claim that their infrastructure was unassailable, it is quite
reasonable to say that it was ‘better than most…'”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.