Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Firewall Perimeter Network (DMZ)

Perimeter Network or DMZ

A DMZ (Demilitarized Zone) or Perimeter Network is the area between the firewall that protects the network from untrusted external networks (the Internet) and the firewall that protects the internal network. Intruder attacks on web servers and mail servers are common. Having an additional firewall makes it more difficult for an intruder to gain access to the organizations internal network.

Any service that is being provided to users on the external network can be placed in the DMZ. Hosts in the internal network communicate with services in the DMZ through an intervening firewall, this allows hosts in the DMZ to provide services to both the internal and external network.

The most common services placed in the DMZ are:

web servers
mail servers
FTP servers
VoIP servers

If a web server needs to communicate with an internal database that may contain sensitive information, it can communicate with internal database servers through an application firewall.

You can create a perimeter network with a single firewall, but this configuration is more complicated to configure and is less secure.

To increase security, a reverse proxy server can be used to isolate the servers in the DMZ from direct access by external networks. A reverse proxy server, like a proxy server, is an intermediary, but is used the other way around. A proxy server hides internal host addresses and only exposes its own address to outside clients. A reverse proxy server hides outside clients addresses and only exposes its own address to internal hosts.

More Network Security Articles:
• Network Security
• Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)
• Methods to Combat Distributed Denial of Service (DDoS) Attacks
• Avoid Hacks by Rogue Wireless Devices
• Network Security Across the Enterprise
• Designing Physical Network Security
• Secure, Network Compliant BYOD (Bring Your Own Device) Solutions
• Public Key Infrastructure
• Security Issues with Wireless LANs
• Network Security Model - Defining an Enterprise Security Strategy

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268