Ask
Login
0
3.4kviews
Explain DMZ in brief.
written 7.7 years ago by gravatar for teamques10 teamques10 64k •   modified 5.1 years ago

Mumbai University > Electronics Engineering > Sem 8 > Advanced Networking Technologies

Marks: 5M

Year: May 15, Dec 15, Dec 14
advanced networking technologies
ADD COMMENT EDIT
1 Answer
0
5views
written 7.7 years ago by gravatar for teamques10 teamques10 64k •   modified 7.7 years ago
  1. DMZ is a military term that refers to an area or a boundary between two or more military powers where the military activities are prohibited
  2. Similarly, DMZ in computer networking is defined as a subnetwork that provides services and information to an organization over the internet
  3. DMZ build’s additional layer o security of LAN
  4. The service provides (hosts) email server, web server and DNS server that provide services outside LAN are prone to external attacks
  5. These providers/hosts are placed within their subnetwork to protect the whole network from external attacks
  6. The hosts within the DMZ subnetwork provide services to both the internal and external attacks

Services in DMZ

  1. Web Server
    • Serves the webpages using HTTP
    • This may communicate with internal data base
    • Database services cannot be accessed publicly
    • An application firewall is placed between web servers and data base servers
    • This approach is complex to implement but provides more security
  2. Mail Servers
    • Use client-server architecture
    • To transfer email
    • Mail server placed in hidden area in DMZ, for maintaining confidentiality
  3. Proxy Servers
    • Filters the request from the clients and then provide response to client’s request
    • Filtering done through IP addresses and protocols
    • Proxy servers placed between computers of clients and other servers
    • The use of proxy servers simplifies monitoring and recording of user activities and blocks local access to unauthorized contents
    • Helps in reducing bandwidth

Architecture of DMZ

Two Types of architecture

  1. Single Firewall Model

    • Consists of at least three network interfaces
      • The external network interface
      • The internal network internal
      • DMZ network interface
    • Both external and internal network are interfaced to DMZ through single firewall
    • If firewall does not function properly network fails

enter image description here

  1. Dual Firewall Model

    • Consists of three interfaces with two firewall
    • In first firewall is to allow traffic only from external network to DMZ
    • Two firewall allows traffic only from DMZ to internal network
    • First firewall handles more traffic
    • If intruder manages to beak the security by first firewall, then it will require more time to break through second firewall
    • This is effective model but expensive

enter image description here
ADD COMMENT EDIT
Please log in to add an answer.