Providing public resources such as web servers that are located inside the private network exposes that network to all kinds of internet threats, because we have to allow inbound internet traffic to reach it. A secure way to provide public resources is to establish a security boundary: the firewall DMZ.
When connecting our private network to the untrusted network (the internet), we should control the flow of traffic in a secure manner by using a firewall device. With a firewall, all traffic is forced to pass through a single centralized checkpoint where it is controlled, authenticated, filtered, and logged according to the policies set. In this way we can significantly reduce, but not eliminate, the amount of unauthorized traffic reaching our internal network.
What should we do if we need to provide public resources, such as web servers, that can be accessed by users from the internet in a secure way? Internet users must be able to access the public resources, but they must not be able to reach our private or internal corporate networks. We need to configure our firewall to provide a perimeter network: a firewall with a DMZ (Demilitarized Zone).
A firewall DMZ (Demilitarized Zone) is a security network at the boundary between a corporate/private Local Area Network (LAN) and the internet. A firewall DMZ should be used whenever you need to segment the network in order to host public resources such as web servers. The perimeter network is designed to protect servers on the corporate network from attack by malicious users on the Internet.
If the requirement for multiple network segments exists, you can deploy multiple DMZs with differing security policies (levels). For example, when you need to deploy a secured web server with an SQL server on a separate machine, you need to provide segmentation for both the web server and the SQL server. The web server should be located in DMZ1, while the SQL server should be located on a separate segment, DMZ2.
We should create policies such that traffic from internet users can only access the web server in the DMZ1 network; they cannot access the SQL server in the DMZ2 network. However, the web server in DMZ1 and the SQL server in DMZ2 can access each other. As a general rule, you should isolate the SQL server from the web server. You need to develop policies that meet the above security requirements and implement them in the firewall.
Implementation
The firewall DMZ is implemented at the border of the corporate LAN, on a firewall that typically has three network interfaces:
1. The internet interface: this interface is exposed to the internet (the unsecured public network).
2. The private or intranet interface: this interface is connected to the corporate LAN, where you keep your sensitive servers.
3. The DMZ interface: this interface is connected to the DMZ network, which can be accessed directly by public users from the internet. The public resources that typically reside in the firewall DMZ are proxy servers and web servers.
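The two-DMZ policy described earlier (internet users reach only the web server in DMZ1; the SQL server in DMZ2 is isolated) and the per-interface layout above can be expressed as a zone-based rule set. The following is an added example, not code from the original article: it models the policy as ordered zone-to-zone rules with a default deny, classifies sample flows against it, and renders the same policy as Linux iptables FORWARD rules. The interface names eth0 to eth3, the subnets, and the port numbers are assumptions; the article describes three interfaces, so the fourth one carrying DMZ2 is also an assumption of this example. Because the article says to isolate the SQL server, the example takes the stricter reading and permits the web server to reach DMZ2 only on the SQL port, relying on connection tracking for return traffic.

```python
"""Zone-based model of the firewall DMZ policy (added example, not the article's code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Zone -> (firewall interface, subnet). All names and addresses are assumptions.
ZONES = {
    "internet": ("eth0", ip_network("0.0.0.0/0")),
    "lan":      ("eth1", ip_network("10.0.0.0/24")),      # corporate LAN
    "dmz1":     ("eth2", ip_network("192.168.1.0/24")),   # public web servers
    "dmz2":     ("eth3", ip_network("192.168.2.0/24")),   # SQL server (assumed 4th interface)
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None means any port
    action: str              # "ACCEPT" or "DROP"


# Ordered policy: first match wins, anything unmatched is dropped.
POLICY = [
    Rule("internet", "dmz1", "tcp", 80,   "ACCEPT"),   # public HTTP to the web server
    Rule("internet", "dmz1", "tcp", 443,  "ACCEPT"),   # public HTTPS to the web server
    Rule("dmz1",     "dmz2", "tcp", 1433, "ACCEPT"),   # web -> SQL on the SQL port only
    Rule("lan",      "dmz1", "any", None, "ACCEPT"),   # administrators manage DMZ hosts
    Rule("lan",      "dmz2", "any", None, "ACCEPT"),
    Rule("lan",      "internet", "any", None, "ACCEPT"),
    # No rule lets internet or DMZ traffic into the LAN, and none lets the
    # internet reach DMZ2: both fall through to the default DROP.
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the known subnets is 'internet'."""
    addr = ip_address(ip)
    for name, (_, net) in ZONES.items():
        if name != "internet" and addr in net:
            return name
    return "internet"


def decide(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> str:
    """Return the action the ordered policy takes for a new (unsolicited) flow."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r in POLICY:
        if (r.src_zone, r.dst_zone) != (src, dst):
            continue
        if r.proto != "any" and r.proto != proto:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action
    return "DROP"


def to_iptables(policy=POLICY) -> list:
    """Render the policy as iptables FORWARD rules for the assumed interfaces."""
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in policy:
        in_if, out_if = ZONES[r.src_zone][0], ZONES[r.dst_zone][0]
        cmd = f"iptables -A FORWARD -i {in_if} -o {out_if}"
        if r.proto != "any":
            cmd += f" -p {r.proto}"
            if r.dst_port is not None:
                cmd += f" --dport {r.dst_port}"
        lines.append(f"{cmd} -j {r.action}")
    return lines


if __name__ == "__main__":
    # Constructed sample flows: an internet client, the web server, the SQL server, a LAN host.
    samples = [
        ("203.0.113.5", "192.168.1.10", "tcp", 80),     # internet -> web: ACCEPT
        ("203.0.113.5", "192.168.2.10", "tcp", 1433),   # internet -> SQL: DROP
        ("203.0.113.5", "10.0.0.7", "tcp", 445),        # internet -> LAN: DROP
        ("192.168.1.10", "192.168.2.10", "tcp", 1433),  # web -> SQL: ACCEPT
        ("192.168.1.10", "10.0.0.7", "tcp", 445),       # compromised web -> LAN: DROP
    ]
    for s in samples:
        print(s, "->", decide(*s))
    print("\n".join(to_iptables()))
```

The ordered list plus default DROP is the property a reviewer should check on any real firewall: every flow the article forbids (internet to DMZ2, internet to LAN, DMZ to LAN) must fall through to the drop, not depend on a missing rule.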
Home Wireless Router with Dmz Feature
Many popular home wireless routers available in stores today, such as the Linksys WRT610N and the D-Link DIR-855, are equipped with a firewall DMZ feature. With the DMZ feature, you can configure a single computer to be exposed to the internet for a special-purpose service such as Internet gaming or video conferencing. DMZ hosting forwards all ports at the same time to one PC.
Compared with the DMZ feature, the Port Forwarding feature is more secure because it opens only the ports you want opened, while DMZ hosting opens all the ports of one computer, exposing that computer to the Internet.
For example, with the WRT610N wireless router you can expose one PC or game console for online gaming. You configure the router by opening its web-based utility and going to the Applications - DMZ page, where the DMZ feature can be configured and enabled. The DMZ feature is disabled by default. Enable the DMZ feature and select the IP address, or manually enter a specific IP address, of the computer on the Internet that will be allowed to access the PC in the network. You should also enter the IP/MAC address of the PC/game console that you want to be accessible from the internet.
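To make the difference between DMZ hosting and port forwarding concrete, here is an added example (not the router vendor's code or the article's) that models a home router's inbound NAT table. It assumes a game console at 192.168.1.50 that needs TCP and UDP port 3074, a constructed value; the model answers where an unsolicited inbound packet to a given WAN port ends up, and counts how many of the console's ports the internet can reach under each configuration.

```python
"""Exposure model for a home router's DMZ host versus port forwarding (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class RouterNat:
    # (proto, wan_port) -> (lan_ip, lan_port): explicit port-forwarding entries
    forwards: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)
    # LAN address configured as the DMZ host; it receives every port not forwarded elsewhere
    dmz_host: Optional[str] = None

    def add_forward(self, proto: str, wan_port: int, lan_ip: str, lan_port: Optional[int] = None):
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port or wan_port)

    def inbound(self, proto: str, wan_port: int) -> Optional[Tuple[str, int]]:
        """Destination of an unsolicited inbound packet to the WAN port, or None if dropped."""
        if (proto, wan_port) in self.forwards:
            return self.forwards[(proto, wan_port)]
        if self.dmz_host is not None:
            # DMZ hosting: every remaining port is handed to the DMZ host unchanged
            return (self.dmz_host, wan_port)
        return None

    def exposed_ports(self, lan_ip: str, proto: str = "tcp") -> int:
        """Number of ports on lan_ip that the internet can reach for this protocol."""
        hits = 0
        for port in range(1, 65536):
            target = self.inbound(proto, port)
            if target is not None and target[0] == lan_ip:
                hits += 1
        return hits


def compare() -> dict:
    """Exposure of the same console under port forwarding versus DMZ hosting."""
    console = "192.168.1.50"                       # constructed LAN address
    # Configuration A: forward only what the game needs (port 3074 is a constructed value)
    forwarding = RouterNat()
    forwarding.add_forward("tcp", 3074, console)
    forwarding.add_forward("udp", 3074, console)
    # Configuration B: the console is the router's DMZ host
    dmz = RouterNat(dmz_host=console)
    return {
        "port_forwarding": forwarding.exposed_ports(console),
        "dmz_host": dmz.exposed_ports(console),
    }


if __name__ == "__main__":
    print(compare())                                   # {'port_forwarding': 1, 'dmz_host': 65535}
    # An unrelated service port on the console is unreachable with forwarding, reachable with DMZ
    print(RouterNat(dmz_host="192.168.1.50").inbound("tcp", 445))
```

Running `compare()` shows the asymmetry the article describes: port forwarding exposes exactly the one TCP port the game needs, while the DMZ host option exposes every TCP port on the console, including any file-sharing or remote-management service it happens to run.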
By Ki Grinsing
Firewall DMZ: A Secure Way to Supply Public Resources