A firewall with a demilitarized zone (DMZ) in computer networking is used to segregate a network segment as a security boundary, so that you can host public resources such as an FTP or web server in a secure way.
Typically a firewall is used to control all the traffic between the private and the public network. All traffic that comes inbound from the internet is forced through the firewall and then controlled according to the security policy that has been set. All traffic is controlled, authenticated, filtered and logged according to a control policy that meets your business policy. Each entry point to the internet must be controlled by a firewall that is itself managed in a secure way. This way you can reduce (if not completely eliminate) the amount of unauthorized traffic reaching your internal or private network.
The main point of placing a firewall at each entry point to the internet is to prevent unauthorized users from reaching the internal network. The problem is: what happens if you would like to host a server that is accessible to internet users? The answer is to segregate the network by means of a DMZ (demilitarized zone).
A firewall with a DMZ is a network security boundary that resides between your business / private network and the internet. If there is a requirement to host public resources, you should create a DMZ network and place the servers in it. You need to control how traffic between the public network and the DMZ network flows, and you need to control how traffic between the internal network and the DMZ network flows, including who has the right to access the public resources.
In general, the traffic flow between the DMZ network and the internet can be described by the following DMZ firewall diagram.
As shown in the firewall DMZ diagram above, if you require more than one DMZ network, you can create multiple DMZ networks to meet your business needs. In the figure there are two DMZ networks: the web server is placed in DMZ1 and the SQL server is placed in DMZ2.
All internet traffic flows through the firewall to reach the web server in DMZ1, but internet traffic is blocked from reaching the internal network and the DMZ2 network where the SQL server resides. The SQL server can only be accessed by the web server in DMZ1 and by selected administrators in the internal network.
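The flow policy described above can be written down as an explicit, ordered allow list with a default deny. The following Python model is an added example, not code from the original article or from any firewall vendor; the zone names, subnets, host addresses and port numbers are constructed assumptions chosen only to illustrate the two-DMZ layout in the figure. It evaluates a connection's source, destination and destination port against the rules in first-match order, and anything not explicitly allowed is denied.

```python
"""Zone-based policy for the two-DMZ firewall layout: first-match rules, default deny.

Constructed example (not the article's code). Addresses and ports are assumptions.
Only the initiating direction of a connection is modelled; a stateful firewall
would allow the reply packets of an accepted connection automatically.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: one subnet behind each firewall interface.
ZONES = {
    "internet": ip_network("0.0.0.0/0"),        # everything not matched below
    "dmz1":     ip_network("192.0.2.0/24"),     # web server lives here
    "dmz2":     ip_network("198.51.100.0/24"),  # SQL server lives here
    "internal": ip_network("10.0.0.0/8"),       # private network
}
WEB_SERVER = ip_address("192.0.2.10")
SQL_SERVER = ip_address("198.51.100.10")
ADMIN_HOSTS = frozenset({ip_address("10.0.0.5"), ip_address("10.0.0.6")})


def zone_of(addr):
    """Longest-prefix match so 0.0.0.0/0 only catches addresses outside the other zones."""
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ports: frozenset = frozenset()   # empty = any port
    src_hosts: frozenset = frozenset()   # empty = any host in src_zone
    dst_hosts: frozenset = frozenset()   # empty = any host in dst_zone
    action: str = "allow"

    def matches(self, src, dst, port):
        return (zone_of(src) == self.src_zone
                and zone_of(dst) == self.dst_zone
                and (not self.dst_ports or port in self.dst_ports)
                and (not self.src_hosts or src in self.src_hosts)
                and (not self.dst_hosts or dst in self.dst_hosts))


POLICY = [
    # Internet may reach only the web server in DMZ1, and only on the web ports.
    Rule("internet", "dmz1", frozenset({80, 443}), dst_hosts=frozenset({WEB_SERVER})),
    # Only the web server may open connections to the SQL server in DMZ2.
    Rule("dmz1", "dmz2", frozenset({1433}),
         src_hosts=frozenset({WEB_SERVER}), dst_hosts=frozenset({SQL_SERVER})),
    # Named administrators in the internal network may manage the SQL server.
    Rule("internal", "dmz2", frozenset({1433, 3389}),
         src_hosts=ADMIN_HOSTS, dst_hosts=frozenset({SQL_SERVER})),
    # Internal users may browse the internet and the public web server.
    Rule("internal", "internet"),
    Rule("internal", "dmz1", frozenset({80, 443})),
]


def decide(src, dst, port, policy=POLICY):
    """Return 'allow' or 'deny' for a new connection src -> dst:port."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in policy:
        if rule.matches(src, dst, port):
            return rule.action
    return "deny"   # default deny: nothing else crosses the firewall


if __name__ == "__main__":
    for flow in [("203.0.113.7", "192.0.2.10", 443),   # internet -> web server
                 ("203.0.113.7", "198.51.100.10", 1433),  # internet -> SQL server
                 ("192.0.2.10", "198.51.100.10", 1433),   # web server -> SQL server
                 ("10.0.0.50", "198.51.100.10", 1433)]:   # non-admin -> SQL server
        print(flow, decide(*flow))
```

Two points are worth checking in any real rule set built this way: a second host placed in DMZ1 must not inherit the web server's access to the SQL server (the rule is pinned to the web server's address, not to the whole zone), and no rule lets a DMZ zone initiate connections into the internal network, so a compromised public server cannot use the firewall as a bridge inward.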
Implementation
Typically the demilitarized zone is implemented at the border of your internal network by a firewall that has three Ethernet interfaces:
- The internet interface, placed in the public network and facing the internet / your ISP.
- The intranet interface, connected to the private network where the computers / hosts that are vulnerable to threats reside.
- The DMZ interface, where you place public resources such as FTP or web servers.
Routers with DMZ network
Most home routers and business routers support a DMZ or port forwarding feature. Routers designed for gaming should include the DMZ or port forwarding feature. For example, the new Linksys E4200 with N750 technology and the new WNDR4000 with N750 technology are designed for video streaming and gaming. Both routers include a firewall DMZ feature and port forwarding. Typically the DMZ feature is disabled by default.
Unlike the DMZ feature, which exposes the whole host to the internet, port forwarding lets you configure only certain ports to be exposed to the internet. In home use, the DMZ feature is used for online gaming, where you expose one host to the internet based on its IP address.
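The difference between a router's DMZ host setting and port forwarding is easiest to see by modelling what the router does with an unsolicited inbound connection. The following Python is an added example, not code from the article or from any router vendor; the LAN addresses and the port-forwarding table are constructed assumptions. It returns which LAN host receives a connection on a given port and then counts how many ports each host is exposed on under the two configurations.

```python
"""Inbound handling on a home router: port forwarding versus a DMZ host.

Constructed example (not the article's code). An unsolicited inbound connection
arrives at the router's public address; the router forwards a listed port to its
mapped LAN host, hands any other port to the DMZ host if one is configured, and
otherwise drops it.
"""


def route_inbound(port, forwards, dmz_host=None):
    """Return the LAN host that receives an unsolicited inbound connection, or None if dropped."""
    if port in forwards:        # an explicit port-forwarding entry takes precedence
        return forwards[port]
    return dmz_host             # the DMZ host, if set, receives everything else


def exposed_ports(forwards, dmz_host=None, port_range=range(1, 65536)):
    """Map each LAN host to the set of ports reachable from the internet."""
    exposure = {}
    for port in port_range:
        host = route_inbound(port, forwards, dmz_host)
        if host is not None:
            exposure.setdefault(host, set()).add(port)
    return exposure


# Assumed LAN: a NAS that should only serve HTTPS, and a game console.
FORWARDS = {443: "192.168.1.20"}   # port forwarding: HTTPS only, to the NAS
CONSOLE = "192.168.1.50"           # candidate DMZ host


if __name__ == "__main__":
    only_forwarding = exposed_ports(FORWARDS)
    with_dmz_host = exposed_ports(FORWARDS, dmz_host=CONSOLE)
    print("port forwarding only:", {h: len(p) for h, p in only_forwarding.items()})
    print("with DMZ host:       ", {h: len(p) for h, p in with_dmz_host.items()})
```

The count is the point: with port forwarding alone, one host is reachable on one port; enabling the DMZ host makes the console reachable on every other port, so every service it happens to run becomes internet-facing. That is why the feature is disabled by default and why it should be treated as a last resort after per-port forwarding.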
By Ki Grinsing