General discussion


DMZ?

By mahdi ·
How do I build a DMZ?


DMZ?

by Ann777 In reply to DMZ?

The DMZ is placed in conjunction with your firewall. If you have a dual-bastion type firewall, the DMZ is between the bastion hosts that make up the firewall. If you have a single firewall machine, the DMZ is on an interface of the firewall that is separate from the rest of the network that it is protecting.

The main purpose for a DMZ is to provide a place for systems on your network that need to have less protection than the rest of your systems. Examples of such systems include those that must be able to be seen by the rest of the Internet, such as Web and e-mail servers. The DMZ segment of your network must use public IP addressing, whereas the rest of your network can use private IP addresses using Network Address Translation in the firewall to allow communications.

The SANS Institute has a paper entitled Designing a DMZ that provides much more information on this topic. See link below; please remove any embedded spaces:

http://www.sans.org/infosecFAQ/firewall/DMZ.htm


DMZ?

by mahdi In reply to DMZ?

The question was auto-closed by TechRepublic


DMZ?

by McKayTech In reply to DMZ?

If you already have a firewall, you can build a DMZ by adding another interface to it and then setting up the firewall rules appropriately.
Generally, a DMZ is used for servers that must be publicly available on the Internet but that also have some connection to a company's internal networks.
Typically, the DMZ will contain a Web server, a mail server and perhaps an FTP server. For traffic that comes in on the external interface, the firewall will only permit those ports to go only to those addresses. The key is to make sure that the firewall does *not* allow any device in the DMZ to establish a connection to the inside network so if a DMZ server does get hacked, the inside network cannot be attacked from that point.
If you don't already have a firewall, you want to take a look at the Linux Router Project (http://lrp.steinkuehler.net) software as it will run on very cheap hardware and provides (in the current release) a DMZ capability just by building the box with three NIC cards.

paul
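
An added example, not part of the original thread or of the Linux Router Project: a small Python model of the three-interface rule set described in the post above, with a check that no rule lets the DMZ or the Internet open a connection to the inside network. The interface names, the addresses (documentation and private ranges) and the rule format are assumptions made for the illustration, and only new connections are modelled (replies are assumed to be handled by stateful tracking).

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "accept" or "drop"
    in_if: str            # interface the packet arrives on
    out_if: str           # interface the packet is forwarded to
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # TCP destination port, None means any port

# Constructed layout: ext = Internet, dmz = public servers, lan = inside network.
# All addresses are sample values, not taken from the thread.
RULES = [
    Rule("accept", "ext", "dmz", "203.0.113.10/32", 80),   # web server
    Rule("accept", "ext", "dmz", "203.0.113.11/32", 25),   # mail server
    Rule("accept", "ext", "dmz", "203.0.113.12/32", 21),   # FTP server
    Rule("accept", "lan", "dmz", "203.0.113.0/24", None),  # inside may reach the DMZ
    Rule("accept", "lan", "ext", "0.0.0.0/0", None),       # inside may reach the Internet
    Rule("drop",   "dmz", "lan", "0.0.0.0/0", None),       # DMZ never opens to inside
]

def decide(rules, in_if, out_if, dst, dport):
    """Verdict for a NEW connection: first matching rule wins, default is drop."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if ((r.in_if, r.out_if) == (in_if, out_if)
                and addr in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "drop"

def audit(rules):
    """List accept rules that forward from the DMZ or the Internet to the inside.

    Conservative: a rule is reported even if an earlier drop would shadow it.
    """
    return [r for r in rules
            if r.action == "accept" and r.out_if == "lan" and r.in_if != "lan"]

if __name__ == "__main__":
    print("ext -> web:80  ", decide(RULES, "ext", "dmz", "203.0.113.10", 80))
    print("ext -> web:22  ", decide(RULES, "ext", "dmz", "203.0.113.10", 22))
    print("dmz -> lan:445 ", decide(RULES, "dmz", "lan", "192.168.1.20", 445))
    print("violations:", audit(RULES))
```

Running `audit` against an exported rule set after every change catches the common drift where a "temporary" DMZ-to-inside allowance for a database or file share is added ahead of the drop rule.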


DMZ?

by mahdi In reply to DMZ?

This question was auto closed due to inactivity
