Discuss the importance of the configuration of a DMZSolution

Discuss the importance of the configuration of a DMZ.

Solution

DMZ is a Demilitarized Zone, it is a physical or logical subnetwork which separeates LAN from other untrusted networks ie internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the internet.

Any service that is being provided to users on the internet should be placed in the DMZ. The most common of these services are: Web, Mail. DNS, VoIP, etc., The systems running these services in the DMZ are reachable by hackers and cybercriminals around the world and need to be hardened to withstand constant attack. The term DMZ comes from the geographic buffer zone that was set up between North Korea and South Korea at the end of the Korean war. A DMZ is now often referred to as a perimeter network.

There are various ways to design to design a network with a DMZ. The two most common methods are with a single or dual firewalls. These architectures can be expanded to create very complex architectures depending on the network requirements. A single firewall with atleast three network interfaces can be used to create a network architecture containing a DMZ. The external network is formed from the ISP to the firewall on the first network interface, the internal network is formed from the second network interface, and the DMZ is formed from the third network interface. Different sets of firewall rules for traffic between the internet and the DMZ, the LAN and the DMZ, and the LAN and the internet tightly control which ports and types of traffic are allowed into the DMZ from the internet, limit connectivity to specific hosts in the internal network, and prevent unrequested connections either to the internet or the internal LAN from the DMZ.