What is a DMZ and Why Do You Need a DMZ Secure Gateway?

Secure your file transfers and servers with DMZ secure gateway software

If you’ve watched a science-fiction movie about space travel, then you’ve likely seen some version of a scene in which an astronaut reenters their ship from the outside abyss. Because the ship exists as a haven from the dangerous environment of empty space, the astronaut cannot simply open the door and stroll directly into the cockpit. To do so would compromise the human-compatible environment of the Millennium Falcon or USS Enterprise.

Instead, the astronaut first enters an outside chamber, which is sealed off from the main vessel. After the doors reseal securely behind them, pressure returns to normal, the air is filled with oxygen, and the astronaut can open the doors to rejoin Spock or Han Solo.

No doubt your organization is also exploring frontiers and executing daring missions. However, your light-speed travel most likely happens across internet connections rather than galaxies. Even so, data files may enter and exit your internal system in much the same way an astronaut enters and exits their ship: through a DMZ.

What does a DMZ do?

In today’s business world, exchanging files with customers and trading partners is essential; this makes data security an even more pressing challenge. A DMZ (Demilitarized Zone) functions somewhat like the chamber that allows space travelers to enter and reenter the ship without compromising its safety. It’s the neutral network that resides between your company’s private network and the Internet, which is where the asteroids, aliens, and other dangers live.

How does a DMZ work?

An organization’s DMZ typically contains web servers, FTPS, SFTP, and HTTPS servers, as well as other services it wants to make available to customers and trading partners. To serve the organization’s purpose, these services need access to the files that will be shared with partners.

Like the double airlocks of a spaceship’s chamber, the DMZ restricts what can pass on both ends. The DMZ is provisioned with a front-end firewall that limits inbound Internet traffic to certain systems within its zone. On the back end, another firewall is placed to prevent unauthorized access from the DMZ into the private network.

A DMZ serves as a staging area between an organization’s private network and the Internet. In order to share a document with a trading partner, an internal program or employee can first copy the file from the private network onto a server in the DMZ. The partner can then download the file from that server using FTPS, SFTP, or HTTPS. Trading partners can also share files with the organization by uploading to a server in the DMZ through a similar process.

Is the DMZ dangerous?

Staging files in a publicly accessible DMZ comes with vulnerabilities.

For example, if attackers gain entry to a file server in the DMZ, they may be able to access user credentials or sensitive trading partner files that were placed there, encrypted or not. In fact, data security compliance auditors are increasingly prohibiting data storage in the DMZ. Also at risk is your file sharing software, especially if it’s administered from the DMZ itself. An attacker could create a "back door" user account into an SFTP server through its admin console, and this seemingly "legitimate" user could then be used to gather sensitive data files over time.

An organization may react to these threats by moving its file sharing services (e.g. FTPS servers or SFTP servers) and sensitive data files from the DMZ into its private network. However, the private network’s inbound ports would traditionally need to be opened, which in turn creates an entirely new set of potential exposures and compliance issues.

Why do you need a DMZ secure gateway?

A DMZ secure gateway, like GoAnywhere Gateway, allows files to be shared without ever being stored in the DMZ or having to open inbound ports. It solves security concerns by allowing an organization to move file sharing and other public services from the DMZ into the private network. This software is stored on a hardened server in the DMZ and includes forward and reverse proxy services. To your trading partners, the process will appear to use the same protocols and ports as before.
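The two designs contrasted above can be checked mechanically against a firewall rule set. The following Python auditor is an added example, not GoAnywhere's code or configuration; the addressing plan, the port numbers, and the premise that the internal server dials out to the gateway are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the article).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "private": ipaddress.ip_network("10.0.0.0/8"),
}
PUBLISHED_PORTS = {22, 443, 990}  # SFTP, HTTPS, implicit FTPS

def zones_of(cidr):
    """Zones a CIDR can cover; addresses outside DMZ/private count as internet."""
    net = ipaddress.ip_network(cidr)
    hit = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        hit.add("internet")
    return hit

def audit(rules):
    """Flag allow rules that break the two-firewall DMZ model.
    Each allow rule is judged on its own; rule ordering is not modelled."""
    findings = []
    for n, (action, src, dst, port) in enumerate(rules, 1):
        if action != "allow":
            continue
        s, d = zones_of(src), zones_of(dst)
        if "private" in d and "internet" in s:
            findings.append((n, "internet reaches private network directly"))
        if "private" in d and "dmz" in s:
            findings.append((n, "inbound port opened from DMZ into private network"))
        if "dmz" in d and "internet" in s and port not in PUBLISHED_PORTS:
            findings.append((n, f"unpublished port {port} exposed in DMZ"))
    return findings

# Constructed rules: file services moved inside, inbound port opened for them.
TRADITIONAL = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 22),      # partners -> DMZ host
    ("allow", "192.0.2.10/32", "10.0.5.10/32", 22),   # DMZ -> internal SFTP
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 8000),    # admin console in DMZ
]
# Constructed rules: gateway design, private side only connects outbound.
GATEWAY = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 22),
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("allow", "10.0.5.10/32", "192.0.2.10/32", 9100),  # internal server dials out
    ("deny", "192.0.2.0/24", "10.0.0.0/8", 0),         # nothing enters private
]

if __name__ == "__main__":
    for name, rules in (("traditional", TRADITIONAL), ("gateway", GATEWAY)):
        print(name, audit(rules))
```

The traditional rule set is flagged for the DMZ-to-private allow rule and for the admin console exposed to the Internet, while the gateway rule set produces no findings.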

GoAnywhere's DMZ secure gateway and DMZ proxy

Internal users can make connections to external systems while hiding the identities and locations of the internal systems for security purposes. When a trading partner wants to initiate a file exchange, the gateway will connect to the partner without opening any inbound ports. This makes the gateway like a "middle man" that acts between the user and the external server.

Learn more about these secret weapons of data security

Keep files moving in and out of your organization while protecting the mothership. Live long and prosper! For more information, download the entire complimentary white paper on DMZ.
