
DMZ (DeMilitarized Zone)

DMZ is short for DeMilitarized Zone.

In military jargon, a DMZ is an area of land that serves as a buffer between two enemies. The best-known DMZ in the world is the DMZ that protects South Korea from North Korea.

In network security jargon, a DMZ is a network that serves as a buffer between a secure protected internal network and the insecure Internet.

A DMZ usually contains servers which provide services to users from the Internet, such as web, FTP, email (SMTP, POP3 and IMAP4), and DNS servers. Although these servers must be open to limited access from the Internet, they should also be protected by a firewall.


The term Perimeter Network is also used to describe a DMZ.

How to Create a DMZ

The simplest method of creating a DMZ is to use a firewall with three or more network interfaces. Each interface is assigned a specific role:

  • Internal trusted network
  • DMZ network
  • External untrusted network (the Internet)

Using a 4-port Ethernet card in your firewall will enable you to create a network in this configuration, or even enable you to create a network with two separate DMZs.

Separating your DMZ hosts into multiple DMZs will help to limit the damage that can be done if one of your DMZ hosts is compromised.

DMZ Firewall Rules

A firewall will normally be configured to protect the Internal network from the Internet.

To create a DMZ, the firewall should also enforce rules to protect the DMZ from the Internet and rules to protect the Internal network from the DMZ.

This will make it more difficult for an attacker to penetrate your Internal network, even if they do manage to gain access to your DMZ hosts.
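
The following is an added example, not part of the original article: a small Python model of a three-zone firewall policy that evaluates connection attempts and audits a ruleset against the three protections described above. The zone names, the `Rule` structure, the sample ruleset and its port numbers are all constructed for illustration, and the model assumes a stateful firewall where only connection initiation needs a rule.

```python
from dataclasses import dataclass
from typing import Optional

# Zone names mirror the three firewall interface roles (assumed labels).
INTERNAL, DMZ, INTERNET = "internal", "dmz", "internet"

@dataclass(frozen=True)
class Rule:
    src: str               # zone where the connection starts
    dst: str               # zone where the connection ends
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]    # destination port, or None for any port
    action: str            # "allow" or "deny"

# Constructed sample ruleset for a DMZ with web, mail and DNS servers.
RULES = [
    Rule(INTERNET, DMZ, "tcp", 80, "allow"),
    Rule(INTERNET, DMZ, "tcp", 443, "allow"),
    Rule(INTERNET, DMZ, "tcp", 25, "allow"),
    Rule(INTERNET, DMZ, "udp", 53, "allow"),
    Rule(INTERNAL, DMZ, None, None, "allow"),
    Rule(INTERNAL, INTERNET, None, None, "allow"),
    # Deliberately risky rule so the audit has something to report.
    Rule(DMZ, INTERNAL, "tcp", 3306, "allow"),
]

def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if ((r.src, r.dst) == (src, dst)
                and r.proto in (None, proto) and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules):
    """Report allow rules that weaken the protections a DMZ relies on."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.dst == INTERNAL and r.src in (DMZ, INTERNET):
            # Internal network exposed to a less trusted zone.
            findings.append(f"{r.src} -> internal allowed ({r.proto}/{r.port})")
        elif (r.src, r.dst) == (INTERNET, DMZ) and None in (r.proto, r.port):
            # Internet access to the DMZ should be limited to named services.
            findings.append("internet -> dmz allowed without a specific protocol and port")
    return findings

if __name__ == "__main__":
    print(decide(RULES, INTERNET, INTERNAL, "tcp", 445))
    print(audit(RULES))
```

Each finding marks a path that a compromised DMZ host or an Internet client could use to reach the internal network, so every such rule should be justified or removed.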
