WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search






Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.3  Security Topologies
           9  3.3.1  Security Zones

Previous Topic/Section
3.3.1  Security Zones
Previous Page
Pages in Current Topic/Section
1
23
Next Page
 3.3.1.2  Intranet
Next Topic/Section

3.3.1.1  DMZ (Demilitarized Zone)
(Page 1 of 3)

The DMZ, or Demilitarized Zone, on a network is “that portion of a company’s network which sits between the Internet and an internal network’s line of defense, usually some combination of firewalls and bastion hosts”327. Firewalls were described earlier in this section. Bastion hosts are gateways between inside and outside networks, designed to defend the internal network from attacks aimed at it from outside.

Much like in the non-computerized world, a network DMZ, sometimes called a “perimeter network,” is a “neutral zone” that attempts to keep external users and the internal network apart. It is strongly advised that there be an external firewall (or at least a well-configured filtering router) between the DMZ and the Internet as well, for protection of the DMZ, although that is not required for that portion of the network to be considered a DMZ.

Figure 36: The DMZ allows public services such as Web and FTP servers to be available while not risking the private network.

 

DMZ

A DMZ (Demilitarized Zone) is an area of the network that sits between the Internet and the organization’s internal network. It is a “neutral zone” that keeps external users and the internal network apart, reducing opportunities for unauthorized access.


Usually a DMZ is a separate subnet from your internal network, to minimize opportunities for compromises due to traffic sniffing. While, logically speaking, a DMZ is an intermediate area “between” your internal network and the Internet, a network configuration supporting a DMZ is sometimes implemented by using a single router with three port connections (Internet, DMZ and internal network) and good filtering rules between them.

Figure 37: A router of sufficient recourses can handle multiple ports.

 

 __________________

327. “DMZ”, http://www.webopedia.com

Previous Topic/Section
3.3.1  Security Zones
Previous Page
Pages in Current Topic/Section
1
23
Next Page
 3.3.1.2  Intranet
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.