Firewall Perimeter Network (DMZ)
By Stephen Bucaro

A DMZ (Demilitarized Zone) or Perimeter Network is the network segment that sits between the
firewall protecting the organization from untrusted external networks (the Internet) and the
firewall protecting the internal network. Attacks on publicly reachable web servers and mail
servers are common. Placing those servers in the DMZ, behind the outer firewall but in front of
a second, inner firewall, means that an intruder who compromises one of them still has another
firewall to get through before reaching the organization's internal network.
Any service that is provided to users on the external network can be placed in the DMZ.
Hosts on the internal network reach services in the DMZ through the inner firewall, so a host
in the DMZ can serve both the internal and the external network. The inner firewall should
permit only the traffic those services need, and connections initiated from the DMZ toward
the internal network should be denied by default.
The most common services placed in the DMZ are:
• web servers
• mail servers
• FTP servers
• VoIP servers
If a web server needs to communicate with an internal database that may contain sensitive
information, it can do so through an application firewall on the inner boundary that allows
only the web server to reach only the database server, and only on the database port. An
application-layer firewall can also inspect the database protocol itself rather than just
addresses and ports.
You can create a perimeter network with a single firewall that has three interfaces (external,
DMZ and internal), but then one device enforces both boundaries: its rule set is harder to get
right because a single policy must cover both, and a single misconfiguration or a compromise of
that firewall exposes the internal network directly, so this design is less secure than two
separate firewalls.
To increase security, a reverse proxy server can be used to isolate the servers in the
DMZ from direct access by external networks. A reverse proxy is an intermediary like an ordinary
(forward) proxy, but it faces the other way. A forward proxy sits in front of internal clients:
it hides their addresses and exposes only its own address to servers on the outside. A reverse
proxy sits in front of servers: outside clients connect only to the proxy's address and never to
the servers behind it, and those servers see connections only from the proxy rather than from the
outside clients. The proxy is also a single place to terminate TLS and filter requests before
they reach the application.
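The ruleset below is an added illustration, not part of the original article, of the two-firewall layout described above and of the reverse-proxy arrangement in the previous paragraph, written for Linux nftables. It assumes (hypothetically) a DMZ of 10.10.0.0/24 holding a reverse proxy (10.10.0.5), the web server it fronts (10.10.0.10, application on port 8080), and a mail server (10.10.0.20); an internal network of 10.20.0.0/24 with a PostgreSQL database at 10.20.0.50; and that each firewall is the router between its two segments (eth0 outward, eth1 inward). The three tables belong on three different hosts: the outer firewall, the inner firewall, and the web server itself. The inner firewall here is a stateful packet filter; an application-layer firewall as mentioned in the text would add protocol inspection on top of these rules.

```nftables
# --- Outer firewall (routes between the Internet on eth0 and the DMZ on eth1) ---
# Assumed addressing (hypothetical): DMZ 10.10.0.0/24, internal 10.20.0.0/24
#   reverse proxy 10.10.0.5, web server 10.10.0.10, mail server 10.10.0.20, database 10.20.0.50
table inet outer_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to sessions that were allowed to start; packets with bogus state are dropped.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services, and only on their hosts.
        # The web server itself is not listed: outside clients reach it only via the reverse proxy.
        iifname "eth0" oifname "eth1" ip daddr 10.10.0.5  tcp dport { 80, 443 } accept
        iifname "eth0" oifname "eth1" ip daddr 10.10.0.20 tcp dport { 25, 587, 993 } accept

        # DMZ -> Internet: the mail server must deliver outbound mail (and resolve names to do so);
        # nothing else in the DMZ may initiate a connection outward.
        iifname "eth1" oifname "eth0" ip saddr 10.10.0.20 tcp dport 25 accept
        iifname "eth1" oifname "eth0" ip saddr 10.10.0.20 udp dport 53 accept

        # Anything not matched above is logged and dropped.
        log prefix "outer-fw drop: " drop
    }
}

# --- Inner firewall (routes between the DMZ on eth0 and the internal network on eth1) ---
table inet inner_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Internal -> DMZ: internal users consume the same published services.
        iifname "eth1" oifname "eth0" ip daddr 10.10.0.5  tcp dport { 80, 443 } accept
        iifname "eth1" oifname "eth0" ip daddr 10.10.0.20 tcp dport { 587, 993 } accept

        # DMZ -> internal: exactly one flow is allowed, the web server to the database port.
        # A compromised mail server or reverse proxy gets no path into the internal network at all.
        iifname "eth0" oifname "eth1" ip saddr 10.10.0.10 ip daddr 10.20.0.50 tcp dport 5432 accept

        log prefix "inner-fw drop: " drop
    }
}

# --- Host firewall on the web server itself (10.10.0.10) ---
# Proxy -> web server traffic stays inside the DMZ segment and crosses neither firewall,
# so the web server must refuse application traffic from anything but the reverse proxy.
table inet web_host {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip saddr 10.10.0.5 tcp dport 8080 accept
        # Administrative access (e.g. SSH from a management host) would be added here; not shown.
    }
}
```

Load each table with `nft -f` on its own host and check the result with `nft list ruleset`. The useful test is the negative one: from the reverse proxy or the mail server, a connection attempt to 10.20.0.50:5432 (or to any other internal address) should time out and appear in the inner firewall's log with the "inner-fw drop:" prefix, while the same attempt from the web server succeeds.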