In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a physical or logical subnet that *separates* an internal local area network (LAN) from other untrusted networks, usually the internet. External-facing servers, resources and services are located in the DMZ. So, they are accessible from the internet, but the rest of the *internal LAN remains unreachable.*
If your client side needs to authenticate with SQL on the inside, this effectively compromises your DMZ. Do a little more work on the Linux server like IPTABLES, TCP_wrappers and run guac under its own username & group. Only allow port 443 and never process APIs without encryption.

Internet --443---> Firewall ---443--->Guacamole----internal----Resources

If properly locked down you will be safe, but also as a disclaimer regardless of configuration, you are always at risk from the 1%.

Thank You
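An added example, not part of the original post or the Guacamole project: a Python check that reads `iptables-save` output and reports anything on the INPUT chain that admits more than the single inbound port 443 the post recommends. Both rule sets are constructed samples, and the function names are this example's own.

```python
import shlex

# Constructed iptables-save output for illustration (not from the original post).
LOCKED_DOWN = """*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""
LOOSE = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,443 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
COMMIT
"""

def expand_ports(spec):
    """Expand '443', '8000:8002' or '22,443' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_input(ruleset, allowed=frozenset({443})):
    """Return findings where the filter INPUT chain admits more than `allowed`."""
    findings, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        if table != "filter":
            continue
        if line.startswith(":INPUT ") and line.split()[1] != "DROP":
            findings.append("INPUT policy is %s, not DROP" % line.split()[1])
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        state = opt.get("--ctstate", opt.get("--state", "NEW"))
        # Skip non-ACCEPT rules, loopback, and replies to already-allowed connections.
        if tok[-2:] != ["-j", "ACCEPT"] or opt.get("-i") == "lo" or "NEW" not in state.split(","):
            continue
        spec = opt.get("--dport") or opt.get("--dports")
        if opt.get("-p") != "tcp" or spec is None or "!" in tok:
            findings.append("ACCEPT not limited to a TCP port: " + line)
        elif extra := sorted(expand_ports(spec) - allowed):
            findings.append("extra TCP ports %s: %s" % (extra, line))
    return findings
```

Only the filter table's INPUT chain is examined; rules that jump to user-defined chains are not followed, so a ruleset built that way needs those chains checked as well.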
