Wednesday, December 6, 2017

What is a DMZ or Demilitarized Zone?


In computer security, a DMZ or Demilitarized Zone is a physical or logical subnetwork that separates an organization's internal network (LAN) from an untrusted network, usually the Internet. Servers that must be reachable from the external network, such as web servers, mail servers, DNS and FTP servers, are placed in the DMZ, and the DMZ is separated from the rest of the internal network by firewalls. The name is derived from the demilitarized zone between nation states, an area in which no military operations are permitted. A DMZ is also called a perimeter network.


Why do we use a DMZ?


Servers that are reachable from the external network are the most exposed to cyber attacks. The rest of the enterprise's internal network should therefore be isolated from those servers, so that even if one of them is compromised, the internal network remains protected. Publicly accessible servers such as web servers, mail servers and DNS servers are placed in the DMZ, and the internal network is shielded from them. Usually a firewall separates the DMZ from the rest of the internal network and restricts communication between the two. Communication between hosts within the DMZ, and between the DMZ and the external network, is also restricted, so that a compromised DMZ host has as few onward paths as possible.


Which servers are placed in the DMZ?


Any server that provides services to users on the external network can be placed in the DMZ. The most common examples are:

  • Web servers
  • Mail servers
  • FTP servers
  • DNS
  • VoIP servers
  • Proxy servers

Web servers often need to communicate with database servers. They can do so through a Web Application Firewall (What is a Web Application Firewall?) for added security. The web server can be placed in the DMZ while the database server stays in the internal network, depending on the sensitivity of the data in the database.

Similarly, mail servers can be placed in the DMZ while the database containing sensitive email messages and user data is kept in the internal network, where it is not reachable from the external network.

Organizations can also place proxy servers in the DMZ (What are proxy servers and how do they work?). These can be both forward proxy servers and reverse proxy servers. A forward proxy intercepts requests that originate in the organization's internal network for an external resource; it can inspect the web content and filter it for security purposes. A reverse proxy, on the other hand, intercepts requests coming from the external network for a resource on a server inside the network and filters them to reduce security threats. Because these proxy servers are reachable from the external network, placing them in the DMZ reinforces security.


How is a DMZ implemented?


A DMZ can be implemented in two main ways: using a single firewall or using dual firewalls.


DMZ using a single firewall





In this method a single firewall with three network interfaces is used. The first interface connects to the external network, the second to the DMZ and the third to the internal network. Because a single firewall is used, it has to handle all traffic going to the DMZ as well as the traffic to and from the internal network, and it also becomes a single point of failure.
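As an added example (not code from the original post), the following Python script models the access policy such a three-interface firewall enforces between the external, DMZ and internal zones. The zone ranges, the host addresses and the rule set are constructed assumptions; any flow not explicitly allowed is dropped, so a compromised DMZ host cannot pivot into the LAN or talk to its DMZ neighbours.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing for the single-firewall, three-interface layout (assumption):
# anything outside these two ranges is treated as the external network (Internet).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
WEB, MAIL, DB = "192.0.2.10", "192.0.2.20", "10.0.5.5"  # hypothetical hosts


def zone_of(ip: str) -> str:
    """Map an address to the firewall interface/zone it belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


class Rule(NamedTuple):
    src_zone: str
    src_host: Optional[str]  # None = any host in the source zone
    dst_zone: str
    dst_host: Optional[str]  # None = any host in the destination zone
    port: Optional[int]      # None = any TCP port


# Allow-list evaluated top to bottom; a flow that matches no rule is dropped (default deny).
RULES = [
    Rule("external", None, "dmz", WEB, 443),    # published web service
    Rule("external", None, "dmz", MAIL, 25),    # inbound SMTP
    Rule("dmz", WEB, "internal", DB, 5432),     # only the web server may reach the database
    Rule("dmz", MAIL, "external", None, 25),    # mail server relays outbound mail
    Rule("internal", None, "dmz", None, None),  # users and admins reach DMZ services
]


def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """True if the TCP flow src_ip -> dst_ip:port matches an allow rule."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for r in RULES:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and r.src_host in (None, src_ip)
                and r.dst_host in (None, dst_ip)
                and r.port in (None, port)):
            return True
    return False
```

Running `is_allowed(MAIL, DB, 5432)` returns False even though the web server is allowed the same connection, which is the lateral-movement restriction the text describes.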


DMZ using dual firewalls





In this method two different firewalls are used. The first firewall is placed between the external network and the DMZ; it monitors and filters all traffic between the external network and the DMZ. The second firewall is placed between the DMZ and the internal network and monitors and filters the traffic between those two. Because two firewalls are used, this method is more secure than the single-firewall method. The two firewalls should also come from two different vendors, so that they do not share the same security vulnerabilities and it becomes harder for an attacker to bypass both firewalls and reach the internal network.