
What is the real function and use of a DMZ on a network?

Question added by salim malik, Senior Network Administrator, Kuwait College of Science & Technology
Date Posted: 2016/04/10
by Ahmed Elkhidir, Cyber Security consultant, ARO Drilling

It's an area of your network that is exposed to public internet users, and here you publish your services (mail, web, etc.), so some interfaces of your security appliance have policies permitting some ports (80, 25, 443, ...). We need to be more careful when applying those policies for the public.

by Christian Yves Abaday, Service Desk Technician, Chemist Warehouse

It provides a dedicated subnet for publicly accessible machines so that if they get compromised, the rest of your inside network remains safe. It also provides an administrative control point, so that all machines entering the DMZ must meet a certain high security standard and be audited frequently.

by sanjay agrawal, L2 network engineer, ericsson india global services

You separate the DMZ from the rest of the network both in terms of IP routing and security policy.

  1. You identify your network areas. Internal: critical systems; DMZ: systems you can afford to be "exposed", systems you want to host services to the outside world, e.g. your SSH hosts; External: the rest of the world.

  2. You set up these separate areas on your network architecture.

  3. Your firewalls/routers are then configured to allow direct connections from the outside world only to the DMZ. Correspondingly, your internal systems should be able to connect only to the DMZ and access the outside world via HTTP, application proxies, mail relays etc. there. Your firewall rules should reflect these decisions by blocking the corresponding traffic directions/IPs/ports: e.g. inward allow only ports for services operating in the DMZ etc.

  4. Ideally you should configure any services exchanging information between network areas (internal, DMZ, external) to be initiated FROM the most secure network segment TO the less secure areas, e.g. if you need to transfer files to "inside" hosts, have the inside systems initiate the transfer (have the client role, rather than the server role).
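
The zone and direction rules in steps 1 to 4, modelled as an added Python policy checker (example code, not from this thread or any product); the address ranges, published ports and the zone ranking are assumptions chosen for illustration:

```python
"""Three-zone DMZ policy model: external -> DMZ only on published ports,
internal -> DMZ allowed, nothing initiates from a less secure zone inward.
All addresses and ports below are constructed for the example."""
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed); anything outside these ranges is external.
ZONES = {
    "internal": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}
# Step 4: higher rank = more secure. New connections must not flow
# from a lower-ranked zone into a higher-ranked one.
RANK = {"external": 0, "dmz": 1, "internal": 2}

# First-match ruleset in the spirit of step 3: (src_zone, dst_zone, ports, action).
# ports=None means any destination port. Anything not matched is denied.
RULES = [
    ("external", "dmz", {25, 80, 443}, "allow"),  # only the published services
    ("internal", "dmz", None, "allow"),           # inside reaches proxies/relays in DMZ
    ("dmz", "dmz", None, "allow"),
    ("dmz", "internal", None, "deny"),            # a compromised DMZ host cannot dial inward
    ("external", "internal", None, "deny"),
    ("internal", "external", None, "deny"),       # inside must go via the DMZ proxy/relay
]


def zone_of(addr: str) -> str:
    """Map an address to internal, dmz or external."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"


def decide(src: str, dst: str, dport: int) -> str:
    """Verdict for a NEW connection (replies are left to the firewall's state tracking)."""
    s, d = zone_of(src), zone_of(dst)
    for src_zone, dst_zone, ports, action in RULES:
        if (src_zone, dst_zone) == (s, d) and (ports is None or dport in ports):
            return action
    return "deny"  # default policy


def violates_direction(src: str, dst: str) -> bool:
    """True when a flow would be initiated from a less secure zone into a more secure one."""
    return RANK[zone_of(src)] < RANK[zone_of(dst)]
```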

by Juned Kittur, Cyber Security Engineer, Akamai Technologies

In simple words: segregation of the network, keeping the LAN secure and not accessible from the Internet. A DMZ is used to host public-facing websites that any internet user can access.

by ibrahim yousif, Network Admin & Field Service Engineer, TEA computers

A network zone accessible from both internal and external zones, dedicated to servers to be guarded/monitored from internal employees and from external employees/intruders.

by Ved Prakash Mishra, Asst. Manager-IT, Spaze

It's a network zone which is accessible from both internal and external network zones, and it is generally used to deploy web servers, mail servers, FTP, etc.

by Deleted user

The goal of a DMZ is to add an additional layer of security to the local network (LAN): the external attacker only has direct access to the DMZ area, rather than to any other part of the network.
