Dmz


  1. DMZ: Level of defence in private network. Shaikh Fozia Shahbaz khan
  2. Learning Objectives
       • Definition
       • Perimeter Security Topologies
       • Architecture
       • Security Firewalls
       • DMZ host
       • Services
       • Goals
       • Tunneling in network security
       • Conclusion
  3. DMZ: Portion of the network between the border router and the non-public computing services
  4. Contd. In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.
  5. Perimeter Security Topologies
       • Any network that is connected (directly or indirectly) to your organization, but is not controlled by your organization, represents a risk.
       • Include demilitarized zones (DMZs), extranets, and intranets
       • continued…
  6. Trusted Networks
  7. Semi-Trusted Networks
  8. Untrusted Networks
  9. Unknown Networks
  10. Architecture: Single firewall
  11. Dual firewall
  12. Network Address Translation (NAT)
       • Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
       • Provides a type of firewall by hiding internal IP addresses
       • Enables a company to use more internal IP addresses
  13. Creating and Developing Your Security Design
       • Control secrets - What knowledge would enable someone to circumvent your system?
       • Know your weaknesses and how they can be exploited
       • Limit the scope of access - Create appropriate barriers in your system so that if intruders access one part of the system, they do not automatically have access to the rest of the system.
       • Understand your environment - Auditing tools can help you detect those unusual events.
       • Limit your trust: people, software and hardware
  14. DMZ Security Firewalls
       • Firewall functions
       • Interaction of firewalls with data
  15. DMZ host
  16. Services: Typically contains devices accessible to Internet traffic
       • Web (HTTP) servers
       • FTP servers
       • SMTP (e-mail) servers
       • DNS servers
  17. DMZ Design Goals
       • Filtering DMZ traffic would identify traffic coming in from the DMZ interface of the firewall or router that appears to have a source IP address on a network other than the DMZ network number (spoofed traffic).
       • The firewall or router should be configured to initiate a log message or rule alert to notify the administrator.
  18. Tunneling
       • Enables a network to securely send its data through untrusted/shared network infrastructure
       • Encrypts and encapsulates a network protocol within packets carried by a second network
       • Replacing WAN links because of security and low cost
       • An option for most IP connectivity requirements
  19. CONCLUSION
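
The source-address check from the "DMZ Design Goals" slide, as an added example that is not part of the original slides: records arriving on the DMZ interface are flagged and logged when their source IP is outside the DMZ network. The subnet `192.0.2.0/24`, the interface name `dmz`, and the `IN=/SRC=/DST=` record format are assumptions constructed for illustration.

```python
import ipaddress
import logging

log = logging.getLogger("dmz-filter")

# Assumption: the DMZ is 192.0.2.0/24 (a documentation range), not from the slides.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed records: what the firewall saw arriving on each interface.
SAMPLE = [
    "IN=dmz SRC=192.0.2.10 DST=198.51.100.7",     # DMZ web server replying
    "IN=dmz SRC=10.1.2.3 DST=198.51.100.7",       # internal address seen on DMZ side
    "IN=dmz SRC=203.0.113.9 DST=10.1.2.3",        # external address seen on DMZ side
    "IN=dmz SRC=not-an-ip DST=10.1.2.3",          # unparseable source field
    "IN=outside SRC=203.0.113.9 DST=192.0.2.10",  # other interface, not judged here
]

def parse(line):
    """Split a 'KEY=value ...' record into a dict, ignoring stray tokens."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)

def classify(record):
    """Return 'ok', 'spoofed', 'malformed' or 'skip' for one parsed record."""
    if record.get("IN") != "dmz":
        return "skip"  # this check only covers the DMZ interface
    try:
        src = ipaddress.ip_address(record.get("SRC", ""))
    except ValueError:
        return "malformed"  # fail closed: an unreadable source is never 'ok'
    # An IPv6 source is never inside an IPv4 network, so it is also 'spoofed'.
    return "ok" if src in DMZ_NET else "spoofed"

def audit(lines):
    """Log and return every record the administrator should be alerted about."""
    alerts = []
    for line in lines:
        verdict = classify(parse(line))
        if verdict in ("spoofed", "malformed"):
            log.warning("DMZ source check failed (%s): %s", verdict, line)
            alerts.append((verdict, line))
    return alerts

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for verdict, line in audit(SAMPLE):
        print(verdict, line)
```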
