Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Firewall Perimeter Network (DMZ)

Perimeter Network or DMZ

A DMZ (Demilitarized Zone) or Perimeter Network is the area between the firewall that protects the network from untrusted external networks (the Internet) and the firewall that protects the internal network. Intruder attacks on web servers and mail servers are common. Having an additional firewall makes it more difficult for an intruder to gain access to the organizations internal network.

Any service that is being provided to users on the external network can be placed in the DMZ. Hosts in the internal network communicate with services in the DMZ through an intervening firewall, this allows hosts in the DMZ to provide services to both the internal and external network.

The most common services placed in the DMZ are:

web servers
mail servers
FTP servers
VoIP servers

If a web server needs to communicate with an internal database that may contain sensitive information, it can communicate with internal database servers through an application firewall.

You can create a perimeter network with a single firewall, but this configuration is more complicated to configure and is less secure.

To increase security, a reverse proxy server can be used to isolate the servers in the DMZ from direct access by external networks. A reverse proxy server, like a proxy server, is an intermediary, but is used the other way around. A proxy server hides internal host addresses and only exposes its own address to outside clients. A reverse proxy server hides outside clients addresses and only exposes its own address to internal hosts.

More Network Security Articles:
• Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• NMAP (Network Mapper) Port Scanner
• Top Ways to Prevent Data Loss
• Handling Rogue Access Points
• Firewall Internet Security - The Basics of a Firewall
• How to Use the Open Source Intrusion Detection System SNORT
• Public Key Infrastructure
• What is a Botnet Attack and How to Identify It?
• What is Network AAA (Authentication, Authorization, and Accounting)?
• Network Security Model - Defining an Enterprise Security Strategy

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2019 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268