A DMZ (Demilitarized Zone) is a network (or a single node) used to connect internal resources to the untrusted outside world, usually the Internet. By creating a separate "danger" zone, the resources inside the private network are not directly reachable from the outside world. In traditional corporate networks, the servers providing services to the outside world, such as the web server, email server, and DNS server, are isolated inside the DMZ network so that the internal network stays protected even if the DMZ is compromised. With the explosive growth of cloud networks, the majority of public servers have been relocated to cloud providers and there is less demand for a DMZ than before. However, there are still gateway servers providing access to internal resources that are confined within the DMZ network.
Why use a DMZ?
A DMZ is a subnetwork within a LAN that is exposed to the Internet. Separating the DMZ from the rest of the private network provides an additional layer of protection for the resources residing inside the LAN. The servers providing services to the public are exposed to a variety of attacks, including brute force attacks, Man-in-the-Middle attacks, and DDoS attacks.
The servers sitting inside the DMZ must be monitored for exploits and cyber attacks, and any data passing from them to other internal resources must undergo a strict integrity check. Placing one firewall at the entry point into the DMZ and a second firewall between the DMZ and the internal network protects the resources inside the private network: even if a DMZ host is compromised, the second firewall limits what that host can reach.
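As an added illustration of the two-firewall layout just described (example code written for this page, not from the original article), the following Python model evaluates whether a flow is permitted across the perimeter firewall in front of the DMZ and the internal firewall behind it. The addresses, ports, and rules are constructed for the example, and stateful return traffic is not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (documentation ranges, not real hosts).
INTERNET = ip_network("0.0.0.0/0")
DMZ = ip_network("192.0.2.0/24")
LAN = ip_network("10.10.0.0/16")
WEB = ip_network("192.0.2.10/32")   # public web server in the DMZ
DB = ip_network("10.10.5.20/32")    # database server inside the LAN

# Rule: (source network, destination network, destination port or None, action).
# First match wins; a firewall with no matching rule denies by default.
PERIMETER_RULES = [                 # between the Internet and the DMZ
    (INTERNET, WEB, 443, "allow"),  # only the published web service is reachable
    (DMZ, INTERNET, 53, "allow"),   # DMZ hosts may resolve DNS outwards
]
INTERNAL_RULES = [                  # between the DMZ and the LAN
    (WEB, DB, 5432, "allow"),       # only the web server, only the database port
    (LAN, DMZ, None, "allow"),      # administrators inside the LAN may manage DMZ hosts
]

ORDER = {"internet": 0, "dmz": 1, "lan": 2}


def zone(ip):
    """Classify an address as LAN, DMZ, or Internet (anything else)."""
    addr = ip_address(ip)
    if addr in LAN:
        return "lan"
    return "dmz" if addr in DMZ else "internet"


def firewalls_on_path(src, dst):
    """Perimeter sits between positions 0-1, internal between 1-2; return those crossed."""
    a, b = sorted((ORDER[zone(src)], ORDER[zone(dst)]))
    return [fw for fw, pos in ((PERIMETER_RULES, 0), (INTERNAL_RULES, 1)) if a <= pos < b]


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule, or the default deny."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, dst_port, action in rules:
        if s in src_net and d in dst_net and dst_port in (None, port):
            return action
    return "deny"


def flow_allowed(src, dst, port):
    """A flow is permitted only if every firewall on its path allows it."""
    return all(evaluate(fw, src, dst, port) == "allow" for fw in firewalls_on_path(src, dst))


if __name__ == "__main__":
    print(flow_allowed("203.0.113.7", "192.0.2.10", 443))   # Internet -> web: True
    print(flow_allowed("203.0.113.7", "10.10.5.20", 5432))  # Internet -> LAN: False
    print(flow_allowed("192.0.2.10", "10.10.5.20", 22))     # compromised web -> LAN SSH: False
```

Same-zone traffic crosses no firewall in this model, and a flow from the Internet to the LAN has to pass both rule sets, which is what stops a direct reach into the private network.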
Corporations used to host DNS, web, email, and FTP servers internally, and the DMZ played an important role in protecting internal resources. In today's environments, corporations have relocated their web properties to the cloud, and there are fewer reasons to maintain a DMZ. However, there are still many reasons why a company may create one: to interconnect VPN servers and gateway devices, and to provide remote access to NAS (Network Attached Storage) devices.
On the personal side, individuals build home networks around broadband routers. Most home users do not provide services to external users, so a DMZ is not necessary. However, advanced users may connect remotely to their devices from outside the home, or browse folders hosted on their NAS devices. In such cases, NAT (Network Address Translation) port forwarding or a DMZ can be set up to meet that need. Most home routers have some firewall functionality built in, which can be enabled to protect the home network.
Although the DMZ is less common today than it used to be, it is still a good networking tool for protecting individuals and corporations by separating the subnetwork facing the Internet from the rest of the internal network. A DMZ is a subnetwork facing the untrusted Internet, and it provides an extra layer of protection by limiting access to internal resources. By placing firewalls before and after the DMZ, a LAN can be protected from outside intruders.