General discussion

Locked

DMZ

By Jerryus ·
Hi

What is a DMZ?

How dows a proxy differ from a firewall. I have a basic understanding of a firewall.

Thanks
J

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

DMS - demilitarized zone

by pollard In reply to DMZ

It is usually a network segment that is exposed to
the "hostile" internet with the expectation that
it may be attacked. This network is separate from the internal, protected, network where most organizations have private data.

A DMZ is where many organizations put things like
a domain name server(s), anonymous FTP, and/or web servers. These machines are accessable to both internal and external locations, but a direct external connections are not made to internal systems.

The advantage of a DMZ (at least for web hosting) is that sensitive information may be recieved by the web server running in the DMZ, but the data is
not stored there - it is passed to a more highly protected system for use.

Systems in the DMZ can be viewed asan extension
of the firewall, in that they provide a controled access point for features the firewall does not
support.

A proxy server can be a server on the DMZ. A proxy
acts in lieu of the user, providing a control point for network administrators, outside the users host.

Collapse -

DMS - demilitarized zone

by pollard In reply to DMZ

It is usually a network segment that is exposed to
the "hostile" internet with the expectation that
it may be attacked. This network is separate from the internal, protected, network where most organizations have private data.

A DMZ is where many organizations put things like
a domain name server(s), anonymous FTP, and/or web servers. These machines are accessable to both internal and external locations, but a direct external connections are not made to internal systems.

The advantage of a DMZ (at least for web hosting) is that sensitive information may be recieved by the web server running in the DMZ, but the data is
not stored there - it is passed to a more highly protected system for use.

Systems in the DMZ can be viewed asan extension
of the firewall, in that they provide a controled access point for features the firewall does not
support.

Collapse -

DMZ Explained

by g0t s3cur1tee In reply to DMZ

A DMZ means demilitarized zone. It is used in the same sense as the DMZ in Korea. North Koreans are on the North (untrustworthy), South Koreans are in the South (weak military), and a buffer zone is setup between the two borders. Any transactionsbetween the two occur in the 'safe area' called the DMZ.

The same scenario applies to companies. The Internet is untrustworth and the companie's most valued asset, information, is stored internally. A DMZ is setup so that transactions between internal and Internet are controlled and monitored, otherwise known as peremitter protection.

Typically a firewall is used to control data flowing to/from the Internet. A firewall is an advanced router. A proxy (now ISA) can be used as a firewall, but is prone to vulnerabilites that can mitigate the use of a firewall and it can be compromised.

More on Proxy servers. It is a greater risk to allow traffic into your internal network than out to the Internet, also when you are talking bandwidth it can be alot of traffic if a lot of users are accessing the Internet. A proxy server allows for users to access the Internet easily, by using the proxy as a gateway - with the added benefit of the proxy server caching web pages. This makes itso that web requests don't always have to go all the way to the Internet. The proxy server will store common graphics and even static content.

Collapse -

More on "Proxy"

by eBob In reply to DMZ Explained

If you own a condominium, but can't attend the board meeting, you can nominate a "Proxy" to vote for you. In the same way, you can setup a Proxy Server on your network.

In a corporate environment, Proxy Servers are often used to manage outbound Internet access of the employees.

In an "e-Commerce" type of environment, Proxy Servers are often setup outside the firewall, perhaps in the "DMZ" (!!) to manage inbound access.

With those thoughts in mind, sometimes you will see a Proxy Server used in place of a Firewall. However, in general, a real true Proxy Server is too high up in the protocol stack to serve as an effective Firewall.

On the other hand, sometimes you'll see Firewalls being tweaked to try to do some of the things that should more properly be handled by a Proxy Server.

Best practice: use both.

Collapse -

So, What's a Reverse Proxy Server?

by dave4e2open In reply to More on "Proxy"

Does this mean that the South Koreans pass details to the North, or the Condo association wants to evict you (but they are too scared to do it in person) they send you a message?

Seriously, is a reverse proxy server used to safely pass inbound data so it goes through a DMZ proxy process to help safeguard the home turf?

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums