It's an area of your network that would be exposed to public internet access users, and here you publish your services (mail, web, etc.), so some interfaces of your security appliance would have policies that permit some ports (80, 25, 443, ...). We need to be more careful when applying those policies for the public.
It provides a dedicated subnet for publicly accessible machines so that if they get compromised, the rest of your inside network remains safe. It also provides an administrative control point so that all machines entering the DMZ must meet a certain high security standard and be audited frequently.
You separate the DMZ from the rest of the network both in terms of IP routing and security policy.
You identify your network areas. Internal: critical systems; DMZ: systems you can afford to be "exposed", systems you want to host services to the outside world, e.g. your SSH hosts; External: the rest of the world.
You set up these separate areas on your network architecture.
Your firewalls/routers are then configured to allow direct connections from the outside world only to the DMZ. Correspondingly, your internal systems should be able to connect only to the DMZ and access the outside world via HTTP, application proxies, mail relays etc. there. Your firewall rules should reflect these decisions by blocking the corresponding traffic directions/IPs/ports: e.g. inward allow only ports for services operating in the DMZ etc.
Ideally you should configure any services exchanging information between network areas (internal, DMZ, external) to be initiated FROM the most secure network segment TO the less secure areas, e.g. if you need to transfer files to "inside" hosts, have the inside systems initiate the transfer (have the client role, rather than the server role).
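The three-zone policy this answer describes, as an added example that is not part of any answer on this page: a small model that decides which NEW connections the border firewall should accept, plus the same policy rendered as nftables forward-chain rules. The subnets, the interface names (lan/dmz/wan) and the published port list (25, 80, 443) are assumptions for the sake of the example.

```python
"""Three-zone DMZ policy model (added example, not from any answer above).

Trust order: internal > dmz > external. New connections may only flow from a
more trusted zone toward a less trusted one, with one exception: the Internet
may reach the DMZ on the ports of the services the DMZ publishes.
"""
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumption); substitute your own subnets.
ZONES = {
    "internal": ip_network("10.10.0.0/16"),
    "dmz": ip_network("192.0.2.0/24"),
}
TRUST = {"internal": 2, "dmz": 1, "external": 0}
# Services the DMZ publishes to the Internet (assumed list: mail, web).
PUBLISHED_DMZ_PORTS = {25, 80, 443}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside our subnets is external."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def allows_new_connection(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Decide whether the firewall accepts a NEW connection (first packet).
    Replies to accepted connections are handled by connection tracking, so a
    DMZ server answering an internal client needs no dmz->internal rule."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # intra-zone traffic is outside this border policy
    if src == "external":
        # Outside world reaches only the DMZ, and only on published ports.
        return dst == "dmz" and dst_port in PUBLISHED_DMZ_PORTS
    if src == "internal" and dst == "external":
        # Internal hosts go out through DMZ proxies/relays, never directly.
        return False
    # internal->dmz and dmz->external allowed; dmz->internal denied.
    return TRUST[src] > TRUST[dst]


def nftables_rules() -> list:
    """Render the same policy as nftables forward-chain rules (assumed ifnames)."""
    ports = ",".join(str(p) for p in sorted(PUBLISHED_DMZ_PORTS))
    return [
        "ct state established,related accept",
        f"iifname wan oifname dmz tcp dport {{ {ports} }} ct state new accept",
        "iifname lan oifname dmz ct state new accept",
        "iifname dmz oifname wan ct state new accept",
        "drop",  # everything else: wan->lan, dmz->lan, lan->wan direct
    ]
```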
In simple words: segregation of the network, keeping the LAN secure and not accessible from the Internet. A DMZ is used to host public-facing websites where any internet user can access that website.
A network zone accessible from both internal and external zones, dedicated to servers to be guarded/monitored from internal employees and from external employees/intruders.
It's a network zone which is accessible from both internal and external network zones and is generally used to deploy a web server, mail server, FTP, etc. in this zone.
The goal of a DMZ is to add an additional layer of security to the local network (LAN), where the external attacker only has direct access to the DMZ area, rather than any other part of the network.