DMZs: Why do businesses need them?
by Chris Sobeck
A DMZ is a demilitarized zone. Just like the one on the border of North and South Korea, a DMZ is a secure zone for running services that are exposed to the internet. Usually these exposures must exist so that business-to-business and business-to-consumer e-commerce can occur. The DMZ can filter incoming traffic so that none of it hits the internal network. If all illegal traffic is blocked successfully, then all files on that network are protected. This ensures that the business has safeguarded its intellectual property, payroll information, financial account information and security information from being compromised.

Services do need to be exposed in order to do business; this is where a DMZ server provides a solution. There are many different types of web services, including web servers (HTTP/HTTPS and SSL), PHP/MySQL servers, e-mail services, VoIP services, DNS servers and many more. All of the mentioned services must be exposed to promote external communications.

The common architecture of a DMZ system is as follows. External network traffic is filtered through a firewall into the DMZ. This way the DMZ server address and running services can be masked. It is in the DMZ where services are accessed. Server-side requests can be made there so that common transactions, such as queries, sending e-mail or making a phone call, can be carried out. There is also another firewall between the DMZ and the internal LAN (Local Area Network). This one has a strict filter with high security that may only allow specific computers to connect, such as remote technician PCs or computers located on an extranet. An extranet may be another branch of the business or even just a trusted business partner. These connections are allowed to the LAN exclusively to do business-to-business transactions.

Really, a DMZ server can be any server, whether it runs Linux, OS X, CentOS 5 or Windows; they are just common servers running their services exposed within this architecture.

Any business holding valuable, sensitive information whose exposure could ruin it should invest in implementing a DMZ. See below for a simple diagram of a DMZ.
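The two-firewall layout described above can be written as two allow lists and checked mechanically. The following Python is an added example, not part of the original article; the addresses, ports and the names `OUTER_FW`, `INNER_FW`, `INNER_FW_WEAK`, `permits` and `audit` are constructed for illustration.

```python
import ipaddress as ip

# Constructed addressing (documentation and private ranges), not from the article.
LAN = ip.ip_network("10.0.0.0/24")

def rule(src, dst, port):
    """An allow rule: source network, destination network, destination port."""
    return (ip.ip_network(src), ip.ip_network(dst), port)

# Outer firewall: internet -> DMZ, only the published services.
OUTER_FW = [rule("0.0.0.0/0", "203.0.113.10/32", 443),   # web server
            rule("0.0.0.0/0", "203.0.113.25/32", 25)]    # mail relay

# Inner firewall: only named machines may enter the LAN.
INNER_FW = [rule("198.51.100.7/32", "10.0.0.0/24", 22),     # remote technician PC
            rule("198.51.100.64/32", "10.0.0.20/32", 443)]  # extranet partner host

# A loosened inner rule set: the whole DMZ may talk to the whole LAN.
INNER_FW_WEAK = INNER_FW + [rule("203.0.113.0/24", "10.0.0.0/24", 3306)]

def permits(rules, src, dst, port):
    """Allow list with default deny: True only if some rule matches the flow."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in rs and d in rd and port == rp for rs, rd, rp in rules)

def audit(outer, inner):
    """Return findings where the rule sets break the two-firewall design."""
    findings = []
    for rs, rd, _ in outer:
        # Internet-facing rules must end in the DMZ, never in the LAN.
        if rd.overlaps(LAN):
            findings.append(f"outer firewall exposes LAN: {rs} -> {rd}")
    for rs, rd, _ in inner:
        # The inner filter should name specific computers, not whole networks.
        if rs.num_addresses != 1:
            findings.append(f"inner firewall source is not a single host: {rs}")
    return findings

if __name__ == "__main__":
    print(audit(OUTER_FW, INNER_FW))        # strict rule set
    print(audit(OUTER_FW, INNER_FW_WEAK))   # loosened rule set
```

With the weak rule in place, a compromised DMZ web server at 203.0.113.10 is permitted to reach the LAN database port, which is the path the inner firewall exists to close.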
about the author
More about Chris Sobeck:
A founding member of Security Mecca who believes that the best way we can support America's network infrastructure is to generate awareness. Striving to be a future IT Manager for a Fortune 500 corporation, Chris is now studying at Western Michigan University. Chris' specific areas of expertise are IT Consulting and Web Design.