
Identity Management for Systems in a DMZ Essay

Updated: Sep 18th, 2022

Connecting internal corporate services to the internet is a challenge because exposing these servers to external environments poses a massive security risk. A demilitarized zone (DMZ) acts as a boundary between a corporate network and the internet and protects internal resources from being reached from outside (Cybersecurity and Infrastructure Security Agency, 2016). However, there are times when an organization is required to place servers with sensitive data in the DMZ.

For instance, an identity server could be placed in the DMZ to authenticate and authorize users so they can access corporate resources from external networks (Pal, 2018). While this facilitates user authentication, the solution has security implications, because user passwords and accounts need to be protected while still giving employees a convenient way to authenticate.

A simple way of preserving the integrity of the internal network when putting identity services in the DMZ is to keep two separate databases of user accounts. The server in the DMZ has its own copy and thus does not need to connect to internal directory systems to retrieve user data (Pal, 2018). However, this approach carries operational costs, because manual work is needed to keep the databases consistent. Replicating directory services for use by servers in the DMZ is another method, but it may require separate licenses for those replicas (Pal, 2018).
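The consistency work described above can be partly automated with a drift check between the two account stores. The following is an added example, not part of the original essay: the account records are constructed sample data, and the field names `enabled` and `pw_changed` are assumptions rather than any product's schema.

```python
# Added example: account records are constructed sample data, and the field
# names (enabled, pw_changed) are assumptions, not taken from any product.
from datetime import date

INTERNAL = {  # authoritative internal directory (constructed)
    "alice": {"enabled": True,  "pw_changed": date(2022, 9, 1)},
    "bob":   {"enabled": False, "pw_changed": date(2022, 6, 10)},  # offboarded
    "carol": {"enabled": True,  "pw_changed": date(2022, 8, 20)},
}
DMZ_COPY = {  # hand-maintained copy used by the DMZ identity server (constructed)
    "alice": {"enabled": True, "pw_changed": date(2022, 9, 1)},
    "bob":   {"enabled": True, "pw_changed": date(2022, 6, 10)},   # never disabled
    "carol": {"enabled": True, "pw_changed": date(2022, 5, 2)},    # old password
    "dave":  {"enabled": True, "pw_changed": date(2021, 1, 15)},   # deleted internally
}

def find_drift(internal, dmz):
    """Return (severity, user, finding) tuples, most severe first."""
    findings = []
    for user, rec in dmz.items():
        src = internal.get(user)
        if src is None:
            # Account exists only in the DMZ copy: nobody will offboard it.
            if rec["enabled"]:
                findings.append(("high", user, "orphan account still enabled in DMZ"))
            continue
        if rec["enabled"] and not src["enabled"]:
            findings.append(("high", user, "disabled internally, enabled in DMZ"))
        if rec["pw_changed"] < src["pw_changed"]:
            findings.append(("medium", user, "DMZ copy holds a superseded password"))
    for user, src in internal.items():
        if user not in dmz and src["enabled"]:
            findings.append(("low", user, "missing from DMZ copy (login will fail)"))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (order[f[0]], f[1]))

if __name__ == "__main__":
    for severity, user, finding in find_drift(INTERNAL, DMZ_COPY):
        print(f"{severity:6} {user:6} {finding}")
```

The high-severity findings are the ones that matter for the DMZ design: an account that was disabled or deleted internally but still authenticates at the perimeter.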

The cost- and performance-effective approach would be to place authentication servers behind the DMZ, because no replicas or database copies would be necessary. However, exposing additional ports to external networks increases the likelihood of security breaches. An alternative way of reaching the same goal is to use a Virtual Private Network (VPN). Instead of putting an authentication server in the DMZ and working to secure database copies and directory replicas, a VPN server may be used as a single point of entry for employees.

References

Cybersecurity and Infrastructure Security Agency. (2016). Control systems cyber security defense in depth strategies. Web.

Pal, D. (2018). . Red Hat. Web.
