Wednesday, May 12, 2010

Demilitarized zone (DMZ)



A demilitarized zone (DMZ) is an area where you can place a public server for access by people you might not otherwise trust. By isolating a server in a DMZ, you can hide or remove access to other areas of your network. You can still access the server from your own network, but others aren't able to access further network resources. This can be accomplished using firewalls to isolate your network.

When establishing a DMZ, you assume that the person accessing the resource isn't necessarily someone you would trust with other information. Figure 1.13 shows a server placed in a DMZ. Notice that the rest of the network isn't visible to external users. This lowers the threat of intrusion in the internal network.

Tip: Anytime you want to separate public information from private information, a DMZ is an acceptable option.

The easiest way to create a DMZ is to use a firewall that can transmit in three directions: to the internal network, to the external world (Internet), and to the public information you're sharing (the DMZ). From there, you can decide what traffic goes where; for example, HTTP traffic would be sent to the DMZ, and e-mail would go to the internal network.
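The three-direction policy described above, sketched as an nftables forwarding ruleset for a firewall with one interface per zone. This is an added example, not part of the original post; the interface names, table name and server addresses are constructed placeholders (documentation address ranges), and the internal-to-Internet rule is an assumption the text does not state.

```nft
#!/usr/sbin/nft -f
# Constructed names and addresses; replace with your own.
define WAN = "eth0"               # external world (Internet)
define DMZ = "eth1"               # public server segment
define LAN = "eth2"               # internal network
define WEB_SRV  = 192.0.2.10      # public web server in the DMZ
define MAIL_SRV = 198.51.100.25   # mail server on the internal network

table inet dmz_example {
    chain forward {
        # Default deny: any zone-to-zone flow not listed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Allow replies to connections that a rule below permitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: HTTP to the public server only.
        iifname $WAN oifname $DMZ ip daddr $WEB_SRV tcp dport 80 accept

        # Internet -> internal: e-mail to the mail server only.
        iifname $WAN oifname $LAN ip daddr $MAIL_SRV tcp dport 25 accept

        # Internal -> DMZ: you can still reach the server from your network.
        iifname $LAN oifname $DMZ accept

        # Internal -> Internet: outbound access (assumption, not in the text).
        iifname $LAN oifname $WAN accept

        # DMZ -> internal: no new connections. A compromised public server
        # must not be able to reach further network resources; log attempts.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " drop
    }
}
```

The logged DMZ-to-internal drops are worth alerting on, since a public server has no legitimate reason to open connections inward under this policy.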

