De-militarised zone (DMZ)
In this step, you're going to be looking at what is referred to as the De-Militarised Zone (DMZ). Later you'll consider Firewall Policy and, finally, Boundary Controls.
The name for this control is taken from the term demilitarised zone, an area between states in which military operations are not permitted.
What do you think a DMZ is in a computing context? How do you think an area of this type can help cyber security?
Most firewall architectures involve the creation of a De-Militarised Zone, or DMZ: a small network segment inserted as a neutral zone between an organisation’s private network and an untrusted network, like the Internet.
Here in the diagram, an external webserver is being hosted in the DMZ and users attached to the internet will come through the outer firewall to access this webserver. However, remote users needing access to the internal network must go through both the outer and inner firewalls.
The DMZ provides secure segregation of networks for services to users, visitors, or partners. Separating the external webserver from the internal network can reduce many threats and vulnerabilities. All untrusted web traffic (e.g., internet traffic/email/webservers) goes through the DMZ, which allows more targeted checks and controls to be implemented, such as mail/web gateways, which you explore later in this step.
Figure 1: De-militarised zone
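The two-firewall layout described above can be checked as a small policy model. This is an added example, not part of the course material: the addresses, the port 8443 remote-user service, the rule format and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption; the course diagram gives no addresses).
ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
         "internal": ipaddress.ip_network("10.0.0.0/8")}
ORDER = ["internet", "dmz", "internal"]   # outer FW between 0|1, inner FW between 1|2
WEB, APP = "192.0.2.10", "10.1.2.3"       # hypothetical DMZ web server and internal host

# Ordered rules: (src_zone, dst_zone, dst_ip or None for any, port or None for any, action).
# First match wins; anything unmatched is denied.
RULES = {
    "outer": [("internet", "dmz", WEB, 443, "allow"),
              ("internet", "internal", APP, 8443, "allow")],  # hypothetical remote-user service
    "inner": [("internet", "internal", APP, 8443, "allow"),
              ("dmz", "internal", None, None, "deny")],       # DMZ hosts cannot reach inside
}

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def firewalls_on_path(src_zone, dst_zone):
    """Return the firewalls a flow crosses, in the order it meets them."""
    s, d = ORDER.index(src_zone), ORDER.index(dst_zone)
    crossed = ["outer", "inner"][min(s, d):max(s, d)]
    return crossed if s < d else crossed[::-1]

def decide(fw, src_zone, dst_zone, dst_ip, port):
    """First-match evaluation of one firewall's rules, default deny."""
    for r_src, r_dst, r_ip, r_port, action in RULES[fw]:
        if ((r_src, r_dst) == (src_zone, dst_zone)
                and r_ip in (None, dst_ip) and r_port in (None, port)):
            return action
    return "deny"

def flow_allowed(src_ip, dst_ip, port):
    """A flow passes only if every firewall on its path allows it.
    Same-zone traffic crosses no firewall in this model, so it is not filtered."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    return all(decide(fw, src_zone, dst_zone, dst_ip, port) == "allow"
               for fw in firewalls_on_path(src_zone, dst_zone))
```

Because a flow must be allowed by every firewall on its path, a permissive rule on the outer firewall alone never exposes the internal network, and a compromised DMZ host still faces the inner firewall.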
What’s next
Next, you will look at Firewall policy.
In this course you’ll take a deep dive into networks and communications controls, looking at Firewalls, DMZ and VPN among others.