Network and Computer Services: Demilitarized Zone (DMZ) Services

While a firewalled subnet has distinct security advantages, it can also create certain problems, for instance, when a user wants to transfer files into the protected subnet from outside the network. Client-side applications running on the internal network can access services on the external network, but not vice versa. To resolve these issues, I set up a server outside the firewall running several important services: HTTP, FTP, and POP. I will now briefly describe these services.
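Added example (not from the original page or the BIC configuration): a minimal Python model of the stateful filtering described above, showing why a server outside the firewall solves the file-transfer problem. The addresses, ports, and class name are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not from the page).
INTERNAL_NET = ip_network("10.0.0.0/24")   # protected subnet
DMZ_SERVER = "192.0.2.10"                  # server outside the firewall
OUTSIDE_HOST = "198.51.100.7"              # arbitrary external host


class StatefulFirewall:
    """Filter at the edge of the protected subnet: internal hosts may open
    connections outward; inbound packets pass only as replies to them."""

    def __init__(self):
        self.flows = set()  # (src, sport, dst, dport) opened from inside

    @staticmethod
    def is_internal(addr):
        return ip_address(addr) in INTERNAL_NET

    def permit(self, src, sport, dst, dport, syn=False):
        if self.is_internal(src) and not self.is_internal(dst):
            if syn:  # new outbound connection: remember it
                self.flows.add((src, sport, dst, dport))
                return True
            return (src, sport, dst, dport) in self.flows
        if self.is_internal(dst) and not self.is_internal(src):
            # Inbound: never a new connection, only the reply half of a flow.
            return not syn and (dst, dport, src, sport) in self.flows
        return False  # not traffic that crosses this firewall


def demo():
    fw = StatefulFirewall()
    client = "10.0.0.25"
    return {
        # Internal client pulls a file from the DMZ FTP server (port 21).
        "pull_from_dmz": fw.permit(client, 40000, DMZ_SERVER, 21, syn=True),
        "dmz_reply": fw.permit(DMZ_SERVER, 21, client, 40000),
        # Pushing inward is refused, from the internet and from the DMZ alike.
        "outside_push": fw.permit(OUTSIDE_HOST, 51000, client, 22, syn=True),
        "dmz_push": fw.permit(DMZ_SERVER, 51000, client, 22, syn=True),
        # Active-mode FTP data channel: server connects back from port 20.
        "ftp_active_data": fw.permit(DMZ_SERVER, 20, client, 40001, syn=True),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:16} {'ALLOW' if allowed else 'DROP'}")
```

The last case is a practical caveat of this policy: active-mode FTP requires the server to connect back to the client, which is dropped, so internal clients need passive mode.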

External HTTP/HTTPS

  • Apache is the industry-standard web server, running over 50% of the servers in the world. It is responsible for sharing files with clients using the Hypertext Transfer Protocol (HTTP).

  • HTTP is a plain-text protocol. This means that it is ill-suited for transporting sensitive data like passwords or personal information. To provide a means to securely share information on the web, there is another standard built on top of HTTP, called Secure Hypertext Transfer Protocol (HTTPS). I have set up mod_ssl to provide this additional encryption protocol.

  • PHP is an HTML (Hypertext Markup Language) embedded scripting language.

  • MySQL is a database language.

External CVS

Version control (or revision control) is used to keep track of file revisions -- typically, revisions to source code. Generally, a version control system maintains information about the history of a document or project to 1) retrieve older versions, 2) track changes, and 3) coordinate the efforts of a group of collaborators. The basic idea is to create a centralized area, managed by the version control system, to store files; this is called a repository (or archive). Users can check files out of the repository to their local filesystem, called a sandbox (or working directory). Of course, the crucial issue that the version control system has to deal with is making sure developers do not accidentally overwrite each other's changes. This is dealt with through two main approaches: the locking model and the merging model. The locking model allows at most one user to change a file at a time, while the merging model removes this restriction and attempts to merge the changes made by different users.

  • CVS uses a merging model designed to allow multiple users to simultaneously work on the same file.

  • ViewCVS provides an interface allowing users to view the CVS repository via the web. You can find our repository here: BIC CVS repository

External POP

  • Postfix is a mail program written to be compatible with the widely used Sendmail program, but with an increased emphasis on speed, security, and ease of use.

  • Mailman is a collection of Python scripts for managing electronic mailing lists. It allows both users and administrators to manage their accounts through the web. I have set up a Mailman server for the BIC and its associated labs which can be accessed here: BIC Mailing List

External FTP

  • ProFTPD is a secure, highly configurable GPLed FTP server. Our FTP server can be accessed here: BIC FTP