Identity Management for Systems in a DMZ Essay

Connecting internal corporate services to the internet is a challenge because exposing these servers to external environments poses a massive security risk. A demilitarized zone (DMZ) acts as a boundary between a corporate network and the internet and protects internal resources from being reached from outside (Cybersecurity and Infrastructure Security Agency, 2016). However, there are times when an organization is required to place servers with sensitive data in the DMZ.

For instance, an identity server could be placed in the DMZ to authenticate and authorize users so that they can access corporate resources from external networks (Pal, 2018). While this facilitates user authentication, the solution has security implications: user passwords and accounts need to be protected while employees are still offered a convenient way to authenticate.

A simple way of ensuring the integrity of the inner network when putting identity services in the DMZ is to keep two separate databases of user accounts. The server in the DMZ will have its own copy and thus will not need to connect to internal directory systems to retrieve user data (Pal, 2018). However, there are operational costs associated with this approach because manual work is needed to keep the databases consistent. Replicating directory services for use by servers in the DMZ is another method, but it may require separate licenses for those replicas (Pal, 2018).
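The consistency work described above can be partly automated. The following drift check is an added example, not taken from the essay or its sources; it assumes both account stores can be exported as snapshots, and the record fields, account names and severity labels are constructed for illustration.

```python
# Added example: drift check between the internal directory and the DMZ copy.
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    name: str
    enabled: bool
    groups: frozenset
    pw_changed: int  # epoch seconds of last password change (assumed field)

def find_drift(internal, dmz):
    """Return a sorted list of (severity, account, finding) tuples."""
    findings = []
    for name, copy in dmz.items():
        src = internal.get(name)
        if src is None:
            # Deleted internally but still able to log in at the perimeter.
            findings.append(("high", name, "orphaned in DMZ copy"))
            continue
        if copy.enabled and not src.enabled:
            findings.append(("high", name, "disabled internally, enabled in DMZ"))
        extra = copy.groups - src.groups
        if extra:
            findings.append(("high", name, "extra groups: " + ",".join(sorted(extra))))
        if copy.pw_changed < src.pw_changed:
            # The previous password is still accepted by the DMZ server.
            findings.append(("medium", name, "stale password in DMZ copy"))
    for name in internal.keys() - dmz.keys():
        findings.append(("low", name, "missing from DMZ copy"))
    return sorted(findings)

def acct(name, enabled, groups, pw_changed):
    return Account(name, enabled, frozenset(groups), pw_changed)

# Constructed sample snapshots of the two account stores.
INTERNAL = {a.name: a for a in [
    acct("alice", True, {"staff"}, 1700000000),
    acct("bob", False, {"staff"}, 1690000000),
    acct("dave", True, {"staff", "vpn"}, 1710000000),
    acct("erin", True, {"staff"}, 1705000000),
]}
DMZ = {a.name: a for a in [
    acct("alice", True, {"staff", "admins"}, 1700000000),
    acct("bob", True, {"staff"}, 1690000000),
    acct("carol", True, {"staff"}, 1680000000),
    acct("dave", True, {"staff", "vpn"}, 1700000000),
]}
if __name__ == "__main__":
    print(*find_drift(INTERNAL, DMZ), sep="\n")
```

The high-severity findings are the ones that matter at the perimeter: an account that was removed or disabled internally but still authenticates against the DMZ copy.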

The cost- and performance-effective approach would be to place authentication servers behind the DMZ, because no replicas or database copies would be necessary. However, exposing additional ports to external networks increases the likelihood of security breaches. An alternative way of reaching the same goal is to use a Virtual Private Network (VPN). Instead of putting an authentication server in the DMZ and working to secure database copies and directory replicas, a VPN server may be used as a single point of entry for employees.

References

Cybersecurity and Infrastructure Security Agency. (2016). Control systems cyber security defense in depth strategies. Web.

Pal, D. (2018). . Red Hat. Web.

Cite This paper
IvyPanda. (2022, September 18). Identity Management for Systems in a DMZ. https://ivypanda.com/essays/identity-management-for-systems-in-a-dmz/