Why do I need to use a reverse proxy?


Sandra Pique


1. Create a single point of access to the file transfer server.

As long as you correctly configure the firewall and the reverse proxy, no one can directly access any of your file transfer servers. Everyone must pass through the reverse proxy, which lets you focus on monitoring incoming and outgoing content at that one point.

2. Simplify access control tasks.

Because you have only one access point, you can focus access control on that single point. For example, instead of specifying the IP addresses allowed to connect on each server, you just need to create a set of IP access rules on the reverse proxy. If a user attempts to connect from an unauthorized IP, the reverse proxy can immediately terminate the attempt.
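The IP access rules described in point 2 can be sketched as follows. This is an added example, not code from the original article or from any particular proxy product; the rule set, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
    ("deny",  "203.0.113.66/32"),   # one blocked host inside the partner range
    ("allow", "203.0.113.0/24"),    # partner network
    ("allow", "2001:db8:40::/48"),  # partner IPv6 range
]

# Constructed connection attempts as the proxy would see the peer address.
ATTEMPTS = ["203.0.113.10", "203.0.113.66", "::ffff:203.0.113.66",
            "198.51.100.23", "2001:db8:40::5", "not-an-ip"]

def normalize(peer):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    so IPv4 rules apply to the same host on a dual-stack listener."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def decide(peer, rules=RULES):
    """Return 'allow' or 'deny'. Unparseable or unmatched peers are denied,
    so a gap in the rule set fails closed."""
    try:
        addr = normalize(peer)
    except ValueError:
        return "deny"
    for action, cidr in rules:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return action
    return "deny"

def audit(attempts=ATTEMPTS):
    """Map each attempted peer address to the proxy's decision."""
    return {peer: decide(peer) for peer in attempts}

if __name__ == "__main__":
    for peer, verdict in audit().items():
        print(f"{verdict:5}  {peer}")
```

Because the rules live in one place, the same list covers every file transfer server behind the proxy, and the default-deny fallthrough means a forgotten range blocks traffic rather than exposing a server.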

3. Move user credentials to a safer place.

Most user credentials are stored only on the file transfer server itself. Therefore, if your file transfer servers are located in the DMZ, proactive attackers may easily obtain them. By moving the servers to the internal network and deploying reverse proxies to control access, you can provide better security for these credentials and, in turn, for the data they protect.

4. Reduce the risk to sensitive data.

Given the wide range of information we often share with business partners, customers and field employees, I'm sure some of it is not for public use. I believe you do not want personal information, trade secrets, prototype blueprints, payroll or financial data to be disclosed to the public or fall into the wrong hands.

However, if your file transfer server is located in a DMZ, all confidential data stored on its hard drive will attract identity thieves, corporate spies, fraudsters and other swindlers. One way to mitigate this risk is to deploy a reverse proxy.

Using a reverse proxy, you can choose to move DMZ-based file transfer servers to your internal network, where they will not be vulnerable.

5. Help achieve regulatory compliance.

Many de facto standards and regulations do not allow data to be stored in highly vulnerable areas such as the DMZ. For example, PCI DSS (Payment Card Industry Data Security Standard) explicitly requires that credit card information be stored in an internal network isolated from the DMZ.
