DMZ


 

What is a DMZ? 

DMZ stands for demilitarised zone. It is a physical or logical subnet that separates a private network from an untrusted network such as the internet. Public-facing services, such as email servers, web servers and FTP servers, should always be placed in a DMZ.

 

Features of a DMZ 

A DMZ can offer an enhanced layer of security to a network. It is segmented from the private network, and firewalls control traffic in and out of it. A DMZ also contains an IDS/IPS to monitor and flag threats and malicious activity. Strict access controls are enforced in the DMZ to ensure only legitimate traffic can access the services inside. Regular security audits are performed, and logging is enabled to monitor threats inside the DMZ.

 

Pros of a DMZ 

  • Increased security to the network 
  • Controlled access 
  • Preventing enumeration and reconnaissance 
  • Protects against IP spoofing 

 

Cons of a DMZ 

  • No internal protections 
  • Time to set up 
  • False sense of security 

 

Network architecture 

A network with a DMZ is made up of several components and devices.

  • Perimeter router – Between the external and internal network. Provides routing between the internal network and the internet. 
  • First firewall – Between the perimeter router and the DMZ. It controls the traffic between the router and the DMZ and applies strict access controls. 
  • DMZ – Holds public facing services. 
  • Second firewall – Between the DMZ and internal network. It has very strict access controls to prevent malicious, unauthorised traffic into the internal network. 
  • Internal network – Houses internal resources. 
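
The layout above can be checked against real rule sets. The following is an added example, not part of the original post: a small Python audit that evaluates first-match rule lists for the two firewalls and reports where they break the dual-firewall model. The zone names, rule format, port lists (including 3389 and 5432) and sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Rule:
    src: str             # zone name, or "any"
    dst: str             # zone name, or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"

def decide(rules: List[Rule], src: str, dst: str, port: int) -> str:
    """First matching rule wins; no match is treated as deny (assumption)."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
            return r.action
    return "deny"

def audit(outer, inner, published: Set[int], backend: Set[int], probe_ports):
    """Return findings where the rule sets break the dual-firewall DMZ model."""
    findings = []
    for p in probe_ports:
        # Internet traffic must never pass both firewalls into the internal network.
        if (decide(outer, "internet", "internal", p) == "allow"
                and decide(inner, "internet", "internal", p) == "allow"):
            findings.append(f"internet->internal reachable on port {p}")
        # The first firewall should expose only the published DMZ services.
        if p not in published and decide(outer, "internet", "dmz", p) == "allow":
            findings.append(f"outer firewall exposes unpublished DMZ port {p}")
        # The second firewall should let DMZ hosts reach only approved back ends.
        if p not in backend and decide(inner, "dmz", "internal", p) == "allow":
            findings.append(f"inner firewall lets DMZ reach internal port {p}")
    return findings

# Constructed sample rule sets (not taken from any real device).
OUTER = [Rule("internet", "dmz", 25, "allow"), Rule("internet", "dmz", 443, "allow"),
         Rule("internet", "dmz", 3389, "allow"),       # weak: management port exposed
         Rule("any", "any", None, "deny")]
INNER_WEAK = [Rule("dmz", "internal", None, "allow")]  # weak: DMZ fully trusted
INNER_STRICT = [Rule("dmz", "internal", 5432, "allow"), Rule("any", "any", None, "deny")]

PROBE = [21, 22, 25, 80, 443, 3389, 5432]
PUBLISHED, BACKEND = {21, 25, 80, 443}, {5432}  # assumed service and back-end ports

if __name__ == "__main__":
    for name, inner in (("weak", INNER_WEAK), ("strict", INNER_STRICT)):
        print(name, audit(OUTER, inner, PUBLISHED, BACKEND, PROBE))
```

With the weak inner rule set, every probed port except the approved back end is reported, which is the "no internal protections" risk listed under the cons: once a DMZ host is compromised, only the second firewall stands between it and the internal network.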

 

Pricing and training 

DMZ networks are complex to set up and manage effectively. Current network infrastructure must be assessed, and security software must be purchased to secure the entry points in the DMZ. For example, IDS/IPS should be purchased and installed along with at least 2 firewalls. After setup, the DMZ should be monitored closely and regularly updated and tested. The total cost of a DMZ depends on the business size but an average cost for a small business could be around £3000 initially along with £1500 annually for licensing and maintenance fees. 
