What is DMZ in information security?


DMZ stands for Demilitarized Zone. It refers to a host or network that acts as a secure, intermediate network or path between an organization's internal network and the external, non-proprietary network. It is also called a network perimeter or perimeter network.

A DMZ is generally implemented to protect an internal network from direct interaction with, exploitation by, and access from outside nodes and networks. A DMZ can be a logical subnetwork or a physical network acting as a secure bridge between an internal and an external network.

A DMZ network has limited access to the internal network, and communication is inspected by a firewall before being passed inward. If an attacker sets out to breach or attack an organization's network, a successful attempt results only in the compromise of the DMZ network, not the core network behind it. A DMZ is considered more secure than a firewall on its own, and can also operate as a proxy server.

In a DMZ configuration, most computers on the LAN run behind a firewall connected to a public network such as the Internet. Several computers also run outside the firewall, in the DMZ. Those outside computers intercept traffic and broker requests for the rest of the LAN, adding a further layer of defense for the computers behind the firewall.

Traditional DMZs allow computers behind the firewall to initiate outbound requests to the DMZ. Computers in the DMZ, in turn, respond to, forward, or reissue those requests out to the Internet or another public network, as proxy servers do. Some DMZ implementations simply use a proxy server or servers as the computers inside the DMZ.

The LAN firewall prevents computers in the DMZ from initiating inbound requests. A DMZ is a commonly offered feature of home broadband routers, though in some cases these features are not true DMZs. Broadband routers generally implement a DMZ only through additional firewall rules, meaning that incoming requests arrive at the firewall directly.

In creating a DMZ, an organization inserts another network segment or subnet that is part of the system but not connected directly to the internal network. Inserting a DMZ is typically done by using a third interface port on the firewall. This configuration enables the firewall to exchange data with both the general network and the isolated segment using Network Address Translation (NAT). The firewall does not generally shield the isolated system as strictly, allowing it to connect more directly to the Internet.
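The three-interface arrangement described above, written out as an nftables ruleset. This is an added example, not configuration from the original article; the interface names, the private subnets, the published web server 192.168.20.10 and the external address 203.0.113.5 are all assumed for illustration.

```nft
#!/usr/sbin/nft -f
# Three-legged DMZ firewall (added example, assumed topology):
#   eth0 = Internet (untrusted)
#   eth1 = LAN, 192.168.10.0/24
#   eth2 = DMZ, 192.168.20.0/24, web server at 192.168.20.10 (assumed)
flush ruleset

table inet dmz_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to flows that were already permitted pass in either direction.
        ct state established,related accept
        ct state invalid drop

        # LAN hosts may initiate connections to the DMZ and to the Internet.
        iifname "eth1" oifname { "eth0", "eth2" } accept

        # The Internet may reach only the published DMZ service (HTTP/HTTPS).
        iifname "eth0" oifname "eth2" ip daddr 192.168.20.10 tcp dport { 80, 443 } ct state new accept

        # DMZ hosts may reach the Internet, e.g. to forward or reissue requests as proxies.
        iifname "eth2" oifname "eth0" accept

        # DMZ hosts may never initiate connections into the LAN. This is the rule
        # that contains a compromised DMZ host; log the attempt so it is visible.
        iifname "eth2" oifname "eth1" log prefix "DMZ->LAN blocked: " drop
    }
}

table ip dmz_nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        # Publish the DMZ web server on the firewall's external address (assumed 203.0.113.5).
        iifname "eth0" ip daddr 203.0.113.5 tcp dport { 80, 443 } dnat to 192.168.20.10
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        # Hide LAN and DMZ private addresses behind the external interface.
        oifname "eth0" masquerade
    }
}
```

With this ruleset, a compromised DMZ host can still answer LAN-originated connections but cannot open new ones toward the LAN, which is the containment property the article describes.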

A DMZ configuration provides protection from outside attacks, but it generally has no bearing on internal attacks such as sniffing communication with a packet analyzer, or spoofing, such as e-mail spoofing.

Updated on: 07-Mar-2022
