Filter by Category

What is a DMZ and Why Do You Need a DMZ Secure Gateway?

Secure your file transfers and servers with DMZ secure gateway software

If you’ve watched a science-fiction movie about space travel, then you’ve likely seen some version of a scene in which an astronaut reenters their ship from the outside abyss. Because the ship exists as a haven from the dangerous environment of empty space, the astronaut cannot simply open the door and stroll directly into the cockpit. To do so would compromise the human-compatible environment of the Millennium Falcon or USS Enterprise.

Instead, the astronaut first enters an outside chamber, which is sealed off from the main vessel. After the doors reseal securely behind them, pressure returns to normal, the air is filled with oxygen, and the astronaut can open the doors to rejoin Spock or Han Solo.

No doubt that your organization is also exploring frontiers and executing daring missions. However, your light-speed travel most likely happens across internet connections rather than galaxies. Even so, data files may enter and exit your internal system in a similar way to an astronaut and their ship: through a DMZ.

What does a DMZ do?

In today’s business world, exchanging files with customers and trading partners is essential; this makes data security an even more pressing challenge. A DMZ (Demilitarized Zone) functions somewhat like the chamber that allows space travelers to enter and reenter the ship without compromising its safety. It’s the neutral network that resides between your company’s private network and the Internet, containing asteroids, aliens, and other dangers.

How does a DMZ work?

An organization’s DMZ typically contains web servers, FTPS, SFTP, and HTTPS servers, as well as other services it wants to make available to customers and trading partners. To serve the organization’s purpose, these services need access to the files that will be shared with partners.

Like the double airlocks of a spaceship’s chamber, the DMZ limits files on both ends. The DMZ is provisioned with a front-end firewall that limits inbound Internet traffic to certain systems within its zone. On the back end, another firewall is placed to prevent unauthorized access from the DMZ into the private network.

A DMZ serves as a staging area between an organization’s private network and Internet. In order to share a document with a trading partner, an internal program or employee can first copy the file from the private network onto a server in the DMZ. The partner can then download the file from that server using FTPS, SFTP, or HTTPS. Trading partners can also share files with the organization by uploading to a server in the DMZ through a similar process.

Is the DMZ dangerous?

Staging files in a publicly accessible DMZ comes with vulnerabilities.

For example, if attackers gain entry to a file server in the DMZ, they may be able to access user credentials or sensitive trading partner files that were placed there, encrypted or not. In fact, data security compliance auditors are increasingly prohibiting data storage in the DMZ. Also at risk is your file sharing software, especially if it’s administered from the DMZ itself. An attacker could create a "back door" user account into an SFTP server through its admin console, and this seemingly "legitimate" user could then be used to gather sensitive data files over time.

For a limited time, use GoAnywhere's remote collaboration tools free for 90 days

An organization may react to these threats by moving its file sharing services (e.g. FTPS servers or SFTP servers) and sensitive data files from the DMZ into its private network. However, the private network’s inbound ports would traditionally need to be opened, which in turn creates an entirely new set of potential exposures and compliance issues.

Why do you need a DMZ secure gateway?

A DMZ secure gateway, like GoAnywhere Gateway, allows files to be shared without ever being stored in the DMZ or having to open inbound ports. It solves security concerns by allowing an organization to move file sharing and other public services from the DMZ into the private network. This software is stored on a hardened server in the DMZ and includes forward and reverse proxy services. To your trading partners, the process will appear to use the same protocols and ports as before.

GoAnywhere's DMZ secure gateway and DMZ proxy

Internal users can make connections to external systems while hiding the identities and locations of the internal systems for security purposes. When a trading partner wants to initiate a file exchange, the gateway will connect to the partner without opening any inbound ports. This makes the gateway like a "middle man" that acts between the user and the external server.

Learn more about these secret weapons of data security

Keep files moving in and out of your organization while protecting the mothership. Live long and prosper! For more information, download the entire complementary white paper on DMZ.

Download the DMZ Guide

Latest Posts

iPaaS and MFT: What You Need to Know

September 24, 2020

Once upon a time, you carried an MP3 player to listen to music, a cell phone to text and make calls, and a book if you wanted to read. Video games and the internet? Best to use your preferred gaming…

What is Electronic File Transfer?

September 22, 2020

Meet Electronic File Transfer If your IT department is still relying on outdated methods like FTP, PC tools, or legacy scripts to meet your organization’s data transfer needs, now is the time to…

What is a Cloud Connector?

September 17, 2020

The cloud and all its possibilities for connecting with customers, vendors, trading partners, and more is exciting. Managing your organization’s transition to the cloud – whether you’re…

How Amazon Web Services Works with GoAnywhere MFT

September 16, 2020

“Alexa, What is MFT?” While that may not be a question you’ve ever asked your virtual assistant, it’s not outside the realm of possibility – Amazon has quickly become ubiquitous for online…

Why You Should Use Scheduled File Transfer Software

September 15, 2020

Have you set up Amazon auto-deliveries? Installed a smart thermostat to keep your house the perfect temperature throughout the day? Approved auto-pay for your bills? Today’s world makes it easy to…