Identity Management for Systems in a DMZ Essay


Connecting internal corporate services to the internet is a challenge because exposing these servers to external environments poses a massive security risk. A demilitarized zone (DMZ) acts as a boundary between a corporate network and the internet and protects internal resources from being reached from outside (Cybersecurity and Infrastructure Security Agency, 2016). However, there are times when an organization is required to place servers with sensitive data in the DMZ.

For instance, an identity server could be placed at this boundary to authenticate and authorize users so they can access corporate resources from external networks (Pal, 2018). While this facilitates user authentication, the solution has security implications because user passwords and accounts need to be protected while giving employees a convenient way to authenticate.

A simple way of ensuring the integrity of the inner network when putting identity services in the DMZ is having two separate databases with user accounts. The server in the DMZ will have its own copy and thus will not need to connect to internal directory systems to retrieve user data (Pal, 2018). However, there are operational costs associated with this approach because manual work needs to be done to keep the databases consistent. Replicating directory services to be used by servers in the DMZ is another method, but it may require separate licenses for those replicas (Pal, 2018).
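The consistency work that the two-database approach requires can be automated; the following is an added example, not taken from the essay or its sources, that compares an export of the internal account database with the DMZ copy and ranks the differences by risk. The export format (`username,enabled,pw_hash`), the function names and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    pw_hash: str  # stored hash only; plaintext passwords are never exported

def parse_export(text):
    """Parse 'username,enabled,pw_hash' lines (assumed format) into a dict."""
    accounts = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, enabled, pw_hash = (f.strip() for f in line.split(","))
        accounts[user.lower()] = Account(user.lower(), enabled == "1", pw_hash)
    return accounts

def find_drift(internal, dmz):
    """Return (severity, username, reason) for every inconsistency."""
    findings = []
    for user, copy in sorted(dmz.items()):
        src = internal.get(user)
        if src is None:
            # Account the internal directory does not know: stale or unauthorized.
            findings.append(("HIGH", user, "exists only in DMZ copy"))
        elif copy.enabled and not src.enabled:
            # Offboarded internally but can still log in from outside.
            findings.append(("HIGH", user, "disabled internally, enabled in DMZ"))
        elif copy.pw_hash != src.pw_hash:
            # A rotated (possibly compromised) password is still accepted.
            findings.append(("MEDIUM", user, "credential differs from internal"))
        elif src.enabled and not copy.enabled:
            findings.append(("LOW", user, "enabled internally, disabled in DMZ"))
    for user in sorted(internal.keys() - dmz.keys()):
        findings.append(("LOW", user, "missing from DMZ copy"))
    return findings

# Constructed sample exports; hash values are placeholders.
INTERNAL_EXPORT = "alice,1,hashA\nbob,0,hashB\ncarol,1,hashC2\ndave,1,hashD"
DMZ_EXPORT = "alice,1,hashA\nbob,1,hashB\ncarol,1,hashC1\ntempuser,1,hashT"

if __name__ == "__main__":
    drift = find_drift(parse_export(INTERNAL_EXPORT), parse_export(DMZ_EXPORT))
    for severity, user, reason in drift:
        print(f"{severity:6} {user:10} {reason}")
```

The HIGH findings are the ones that matter most for an internet-facing identity server: an account that was disabled or never existed internally but is still accepted in the DMZ.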

The cost- and performance-effective approach would be to place authentication servers behind the DMZ because no replicas or database copies would be necessary. However, exposing additional ports to external networks increases the likelihood of security breaches. An alternative way of reaching the same goal is to use Virtual Private Networks (VPN). Instead of putting an authentication server in the DMZ and working to secure database copies and directory replicas, a VPN server may be used as a single point of entry for employees.

References

Cybersecurity and Infrastructure Security Agency. (2016). Control systems cyber security defense in depth strategies. Web.

Pal, D. (2018). . Red Hat. Web.

IvyPanda. (2022, September 18). Identity Management for Systems in a DMZ. https://ivypanda.com/essays/identity-management-for-systems-in-a-dmz/