
What is the real function and use of a DMZ on a network?

Question added by salim malik, Senior Network Administrator, Kuwait College of Science & Technology
Date posted: 2016/04/10
Ahmed Elkhidir
By Ahmed Elkhidir, Cyber Security consultant, ARO Drilling

It's an area of your network that would be exposed to public internet users, and here you publish your services (mail, web, etc.), so some interfaces of your security appliance would have policies that permit some ports (80, 25, 443...). We need to be more careful when applying those policies for the public.

Christian Yves Abaday
By Christian Yves Abaday, Service Desk Technician, Chemist Warehouse

It provides a dedicated subnet for publicly accessible machines so that if they get compromised, the rest of your inside network remains safe. It also provides an administrative control point so that all machines entering the DMZ must meet a certain high security standard and be audited frequently.

sanjay agrawal
By sanjay agrawal, L2 network engineer, ericsson india global services

You separate the DMZ from the rest of the network both in terms of IP routing and security policy.

  1. You identify your network areas. Internal: critical systems; DMZ: systems you can afford to be "exposed", systems you want to host services to the outside world, e.g. your SSH hosts; External: the rest of the world.

  2. You set up these separate areas on your network architecture.

  3. Your firewalls/routers are then configured to allow direct connections from the outside world only to the DMZ. Correspondingly, your internal systems should be able to connect only to the DMZ and access the outside world via HTTP, application proxies, mail relays etc. there. Your firewall rules should reflect these decisions by blocking the corresponding traffic directions/IPs/ports: e.g. inward allow only ports for services operating in the DMZ etc.

  4. Ideally you should configure any services exchanging information between network areas (internal, DMZ, external) to be initiated FROM the most secure network segment TO the less secure areas, e.g. if you need to transfer files to "inside" hosts, have the inside systems initiate the transfer (have the client role, rather than the server role).
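
The zone rules in steps 3 and 4 of the answer above can be checked mechanically against a firewall's allow rules. The following is an added example, not part of the original answer; the subnets, rule names and rule format are constructed assumptions, and the published ports (25, 80, 443) are the ones mentioned in this thread.

```python
import ipaddress

# Constructed zone layout (assumed subnets, not from the page).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
TRUST = {"external": 0, "dmz": 1, "internal": 2}  # higher = more secure
DMZ_PUBLISHED_PORTS = {25, 80, 443}  # ports mentioned in the thread

def zone_of(cidr):
    """Map a rule endpoint to a zone; "any" or an unknown subnet is external."""
    if cidr != "any":
        net = ipaddress.ip_network(cidr)
        for name, zone_net in ZONES.items():
            if net.subnet_of(zone_net):
                return name
    return "external"

def audit(rule):
    """Return findings for one allow rule, read as 'src may initiate to dst'."""
    src, dst = zone_of(rule["src"]), zone_of(rule["dst"])
    if TRUST[src] < TRUST[dst]:
        # Less secure initiator: only external->DMZ on published ports is allowed.
        if (src, dst) != ("external", "dmz"):
            return [f"{src}->{dst} initiated from less secure zone"]
        if rule["port"] not in DMZ_PUBLISHED_PORTS:
            return ["external->dmz on unpublished port"]
    elif (src, dst) == ("internal", "external"):
        # Step 3: internal hosts reach the outside via DMZ proxies/relays.
        return ["internal->external bypasses DMZ proxy/relay"]
    return []

# Constructed sample rule set (hypothetical names and addresses).
RULES = [
    {"name": "web-in", "src": "any", "dst": "192.0.2.10/32", "port": 443},
    {"name": "rdp-in", "src": "any", "dst": "192.0.2.10/32", "port": 3389},
    {"name": "db-pull", "src": "192.0.2.10/32", "dst": "10.0.0.5/32", "port": 5432},
    {"name": "direct-in", "src": "any", "dst": "10.0.0.5/32", "port": 22},
    {"name": "proxy-use", "src": "10.0.0.0/24", "dst": "192.0.2.20/32", "port": 3128},
    {"name": "direct-out", "src": "10.0.0.0/24", "dst": "any", "port": 443},
]

def audit_all(rules):
    return {r["name"]: f for r in rules if (f := audit(r))}

if __name__ == "__main__":
    for name, found in audit_all(RULES).items():
        print(f"{name}: {'; '.join(found)}")
```

Rules that follow the model (published service into the DMZ, internal clients using a DMZ proxy) produce no findings; the other four are reported with the direction that breaks the zone policy.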

Juned Kittur
By Juned Kittur, Cyber Security Engineer, Akamai Technologies

In simple words: segregation of the network, keeping the LAN secure and not accessible from the Internet. A DMZ is used to host public-facing websites where any Internet user can access that website.

ibrahim yousif
By ibrahim yousif, Network Admin & Field Service Engineer, TEA computers

A network zone accessible from both internal and external zones, dedicated to servers to be guarded/monitored from internal employees and from external employees/intruders.

Ved Prakash Mishra
By Ved Prakash Mishra, Asst. Manager-IT, Spaze

It's a network zone which is accessible from both internal and external network zones, and it is generally used to deploy web servers, mail servers, FTP, etc. in this zone.

Deleted user
By Deleted user

The goal of a DMZ is to add an additional layer of security to the local network (LAN) where the external attacker only has direct access to the DMZ area, rather than any other part of the network.
