Dmz

  1. DMZ: Level of defence in private network. Shaikh Fozia, Shahbaz khan
  2. Learning Objectives: Definition; Perimeter Security Topologies; Architecture; Security Firewalls; DMZ host; Services; Goals; Tunneling in network security; Conclusion
  3. DMZ: Portion of the network between the border router and the non-public computing services
  4. Contd.: In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.
  5. Perimeter Security Topologies: Any network that is connected (directly or indirectly) to your organization, but is not controlled by your organization, represents a risk. Include demilitarized zones (DMZs), extranets, and intranets (continued…)
  6. Trusted Networks
  7. Semi-Trusted Networks
  8. Untrusted Networks
  9. Unknown Networks
  10. Architecture: Single firewall
  11. Dual firewall
  12. Network Address Translation (NAT): Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic; provides a type of firewall by hiding internal IP addresses; enables a company to use more internal IP addresses.
  13. Creating and Developing Your Security Design: Control secrets - what knowledge would enable someone to circumvent your system? Know your weaknesses and how they can be exploited. Limit the scope of access - create appropriate barriers in your system so that if intruders access one part of the system, they do not automatically have access to the rest of the system. Understand your environment - auditing tools can help you detect those unusual events. Limit your trust: people, software and hardware.
  14. DMZ Security Firewalls: Firewall functions; interaction of firewalls with data
  15. DMZ host
  16. Services: Typically contains devices accessible to Internet traffic: Web (HTTP) servers; FTP servers; SMTP (e-mail) servers; DNS servers
  17. DMZ Design Goals: Filtering DMZ traffic would identify traffic coming in from the DMZ interface of the firewall or router that appears to have a source IP address on a network other than the DMZ network number (spoofed traffic). The firewall or router should be configured to initiate a log message or rule alert to notify the administrator.
  18. Tunneling: Enables a network to securely send its data through untrusted/shared network infrastructure. Encrypts and encapsulates a network protocol within packets carried by a second network. Replacing WAN links because of security and low cost. An option for most IP connectivity requirements.
  19. CONCLUSION
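
The spoofed-source check from slide 17, written out as an added example (it is not part of the original slides): it scans firewall log lines for traffic that arrived on the DMZ interface with a source address outside the DMZ network and returns one alert per hit. The interface name `dmz0`, the prefix `192.0.2.0/24`, the netfilter-style log layout and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed values, not from the slides: DMZ interface name and DMZ prefix.
DMZ_IFACE = "dmz0"
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample log lines in a netfilter LOG-like KEY=VALUE layout.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw kernel: IN=dmz0 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=51514
Jan 10 10:00:02 fw kernel: IN=dmz0 OUT=lan0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT=445
Jan 10 10:00:03 fw kernel: IN=eth0 OUT=dmz0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=443
Jan 10 10:00:04 fw kernel: IN=dmz0 OUT=eth0 SRC=not-an-ip DST=198.51.100.7 PROTO=UDP DPT=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def check_line(line):
    """Return an alert dict if the line shows spoofed DMZ ingress, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("IN") != DMZ_IFACE:
        return None  # only traffic entering through the DMZ interface is in scope
    src = fields.get("SRC", "")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # Design choice of this example: a source we cannot parse is reported,
        # not silently skipped, so a malformed record never hides an event.
        return {"reason": "unparseable-source", "src": src, "dst": fields.get("DST")}
    if addr in DMZ_NET:
        return None  # legitimate DMZ host
    return {"reason": "source-outside-dmz", "src": src, "dst": fields.get("DST")}


def find_spoofed(log_text):
    """Collect alerts for every line that fails the DMZ source check."""
    alerts = (check_line(line) for line in log_text.splitlines())
    return [a for a in alerts if a is not None]


if __name__ == "__main__":
    for alert in find_spoofed(SAMPLE_LOG):
        print("ALERT", alert)
```
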