Suggestion to apply DMZ on YottaGate company
Prepared by:
Mohammed Abdu Hazzaa
Fattah Al-Nomer
Computer Network Engineering Department
Sana’a Community College
Sana’a
Supervisor:
Dr. Nashwan Aldhabhani
2020
Acknowledgement
In the beginning we would like to thank God for blessing us and for giving us the
strength to work and complete this project.
We would like to thank our supervisor Dr. Nashwan Al-Dhahabani for his advice
and support while writing this project. His knowledge, dedication, and opinion were
instrumental in completing this research.
We would also like to thank everyone who supported us and helped us complete our
learning from start to finish.
Most of all, we thank our families for their great support all the time.
Abstract
Local area networks are built mainly for two essential goals. The first is to support
the framework's business functionality, such as email, file transfer, procurement
systems, internet browsing, and so forth. Second, these common networks should be
built using secure strategies to protect their components. Recent developments in
network communication have heightened the need for networks that are both secure and
high-performance. However, the performance of a network is sometimes affected by
applying security rules. Network security is an essential priority for protecting
applications, data, and network resources.
Applying resource isolation rules is very important to prevent any possible attack.
This isolation can be achieved by applying a DMZ (Demilitarized Zone) design. A DMZ
greatly enhances the security of a network.
A DMZ provides protection to the network. It is also used to protect private information. A
DMZ should be properly configured to increase the network's security. This work
reviewed the DMZ with regard to its importance, its design, and its effect on network
performance. The purpose of a DMZ is to add an additional layer of security to an
organization's local area network (LAN). This means that an external attacker only has
access to equipment in the DMZ, rather than any other part of the network.
This project introduces and demonstrates how to implement a DMZ (Demilitarized
Zone) concept within the YottaGate company. The main focus of this work was to explore
a means of assessing DMZ effectiveness in relation to network performance, using the
Cisco Packet Tracer emulation environment.
Chapter 1
Introduction
1.1 Introduction
Security is one of the most critical challenges of computer and communication
networks. Network design should accomplish three security aims: confidentiality,
integrity, and availability. Protecting a network that is connected to the internet is
a big challenge. The solution for this challenge is to divide the network
into two segments. The first segment contains publicly accessible machines such as
the HTTP server, DNS server and mail server; this segment is called the demilitarized
zone (DMZ).
The second segment contains privately accessible machines such as the application server,
database server and workstations. A DMZ is a network added between a protected
network and an external network in order to provide an additional layer of security [1].
A DMZ is the front line of a network that protects valuable resources from untrusted
environments. A DMZ is an example of the principle of defence in depth. The defence in
depth principle points out that no one thing, nor any two things, will always provide complete
security. It points out that the only way the system is reasonably protected is to consider
every part of the system and to ensure that they are all secure. A DMZ adds an additional
security layer beyond a single perimeter [2]. It separates the external network from
direct reference to the internal network. This is achieved by isolating machines that are
directly accessible by all other machines. Most of the time the external network is the
Internet and the web server is in a DMZ, but this is not the only potential arrangement. A
DMZ can be used to isolate specific machines in the network from other machines. This
can be done for a department that requires access to both the internet and the corporate network.
In DMZ nomenclature, the internal network should hold more secure information than
the external one [2].
Separation is important. Any system should separate its important applications and
information. This acts as a system of checks and balances to ensure that an untrusted area cannot
corrupt the whole. The separation principle is well known from government.
Generally, a government has three divisions: the executive, the legislative and the judicial.
The same design is required in a computer network system. Separation of information is
necessary so that an attacker cannot reach all the systems. An attacker could access a web
server, but it would be worse if the attacker could access the database through the web
server. This is the type of problem a DMZ is designed to prevent. This work discusses a
way of evaluating a DMZ with regard to network performance and
implements this project at YottaGate Corporation.
Today's network architecture is complex and is faced with a threat environment that is
always changing and attackers that are always trying to find and exploit vulnerabilities.
These vulnerabilities can exist in a broad number of areas, including devices, data,
applications, users and locations. For this reason, there are many network security
management tools and applications in use today that address individual threats and
exploits and also regulatory non-compliance. When just a few minutes of downtime can
cause widespread disruption and massive damage to an organization's bottom line and
reputation, it is essential that these protection measures are in place.
Network security should be a high priority for any organization that works with
networked data and systems. In addition to protecting assets and the integrity of data
from external exploits, network security can also manage network traffic more
efficiently, enhance network performance and ensure secure data sharing between
employees and data sources.
There are many tools, applications and utilities available that can help you to secure your
networks from attack and unnecessary downtime. Forcepoint offers a suite of network
security solutions that centralize and simplify what are often complex processes and
ensure robust network security is in place across your enterprise.
In computer security, a DMZ Network (sometimes referred to as a “demilitarized zone”)
functions as a subnetwork containing an organization's exposed, outward-facing
services. It acts as the exposed point to an untrusted network, commonly the Internet.
The goal of a DMZ is to add an extra layer of security to an organization's local area
network. A protected and monitored network node that faces outside the internal
network can access what is exposed in the DMZ, while the rest of the organization's
network is safe behind a firewall.
When implemented properly, a DMZ Network gives organizations extra protection in
detecting and mitigating security breaches before they reach the internal network, where
valuable assets are stored.
The Importance of Network Security
Common Network Security Vulnerabilities
In order to effectively implement and maintain secure networks, it’s important to
understand the common vulnerabilities, threats and issues facing IT professionals today.
While some can be fixed fairly easily, others require more involved solutions.
Virtually all computer networks have vulnerabilities that leave them open to outside
attacks; further, devices and networks are still vulnerable even if no one is actively
threatening or targeting them. A vulnerability is a condition of the network or its
hardware, not the result of external action.
These are some of the most common network vulnerabilities:
- Improperly installed hardware or software
- Operating systems or firmware that have not been updated
- Misused hardware or software
- Poor or a complete lack of physical security
- Insecure passwords
- Design flaws in a device’s operating system or in the network
1.2 Problem Background
YottaGate is a software, technical solutions and consulting company that
specializes in designing and developing software that helps companies and
organizations get the best solutions and services with the latest available technologies and
methods.
YottaGate products provide financial, educational, agricultural and e-commerce
solutions in a complete framework that fits different government and
private sectors such as companies, organizations, hospitals, universities, schools, shops
and accounting offices. YottaGate serves SMEs in technical, management, financial
and marketing aspects to assess and improve their business. The Authority uses
Information Technology (IT) and networks to facilitate its business. The network
devices do not have centralized administration, so the Authority needs centralized
configuration, administration, management, control and monitoring of network devices
(physical or virtual), and needs to manage the network traffic. Therefore, to meet these needs they
should implement SDN technology.
1.3 Problem Statement
Difficulty in blocking potential threats and malware, monitoring the network and
preventing unauthorized persons from entering the internal network; difficulty in restricting
users who do not have the privileges to access network resources; and difficulty in
filtering unnecessary traffic.
1.4 Project Objectives
-To define DMZ technology.
-To apply DMZ technology to the YottaGate company.
1.5 Project Significance
The goal of a DMZ is to add an extra layer of security to an organization's local
area network. A protected and monitored network node that faces outside the
internal network can access what is exposed in the DMZ, while the rest of the
organization's network is safe behind a firewall.
Any service that is being provided to users on the external network can be placed in the
DMZ.
The most common of these services are:
- Web servers
- Mail servers
- FTP servers
- VoIP servers
Web servers that communicate with an internal database require access to a database
server, which may not be publicly accessible and may contain sensitive information. The
web servers can communicate with database servers either directly or through
an application firewall for security reasons.
E-mail messages and particularly the user database are confidential, so they are typically
stored on servers that cannot be accessed from the Internet (at least not in an insecure
manner), but can be accessed from email servers that are exposed to the Internet.
The mail server inside the DMZ passes incoming mail to the secured/internal mail
servers. It also handles outgoing mail.
For security, compliance with legal standards such as HIPAA, and monitoring reasons,
in a business environment, some enterprises install a proxy server within the DMZ. This
has the following benefits:
- Obliges internal users (usually employees) to use the proxy server for Internet access.
- Reduced Internet access bandwidth requirements since some web content may be cached by the proxy server.
- Simplifies recording and monitoring of user activities.
- Centralized web content filtering.
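The flows described above (public services in the DMZ, the web server reaching the internal database, the mail relay handing mail to the internal mail server, and internal users obliged to use the proxy) can be written as a default-deny rule table and audited. This is an added example, not part of the original project; the addresses, host names and TCP ports are assumptions.

```python
import ipaddress

# Constructed addressing plan and hosts (assumptions, not from the project).
ZONES = {"internal": ipaddress.ip_network("10.0.0.0/24"),
         "dmz": ipaddress.ip_network("172.16.0.0/24")}
HOSTS = {"web": "172.16.0.10", "mail_relay": "172.16.0.20", "proxy": "172.16.0.30",
         "db": "10.0.0.10", "mail_store": "10.0.0.20", "workstation": "10.0.0.100"}

# (source, destination, TCP port). A selector is "any", a zone name or a host
# name. Ports are assumed values. Traffic matching no rule is dropped.
RULES = [
    ("any", "web", 443),               # public web service lives in the DMZ
    ("any", "mail_relay", 25),         # inbound mail stops at the DMZ relay
    ("web", "db", 5432),               # only the web server may query the database
    ("mail_relay", "mail_store", 25),  # relay hands mail to the internal server
    ("internal", "proxy", 3128),       # users must browse through the proxy
    ("proxy", "internet", 443),
    ("mail_relay", "internet", 25),    # outgoing mail
]

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is the Internet."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def matches(selector, ip):
    """True if the address satisfies an "any", host-name or zone selector."""
    if selector == "any":
        return True
    if selector in HOSTS:
        return HOSTS[selector] == ip
    return zone_of(ip) == selector

def allowed(src_ip, dst_ip, port, rules=RULES):
    """Default deny: a flow passes only if some rule matches it exactly."""
    return any(matches(s, src_ip) and matches(d, dst_ip) and port == p
               for s, d, p in rules)

def exposed_internal_hosts(rules=RULES, outside="203.0.113.5"):
    """Audit: internal hosts that an Internet source could reach directly."""
    ports = {p for _, _, p in rules}
    return sorted(name for name, ip in HOSTS.items()
                  if zone_of(ip) == "internal"
                  and any(allowed(outside, ip, p, rules) for p in ports))

if __name__ == "__main__":
    print(allowed("203.0.113.5", HOSTS["web"], 443))   # Internet -> DMZ web
    print(allowed("203.0.113.5", HOSTS["db"], 5432))   # Internet -> internal DB
    print(exposed_internal_hosts(RULES + [("any", "db", 5432)]))  # misconfiguration
```

Running the audit against every proposed rule change shows whether a new rule would let an outside source bypass the DMZ and reach an internal host.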
Network security is vital to maintaining the integrity of data and the privacy of the
organization and its employees. It encompasses everything from the most basic practices,
such as creating strong passwords and fully logging out of community computers, to the
most complex, high-level processes that keep networks, devices and their users safe.
More and more sensitive information is stored online and in these various devices, and if
an unauthorized user gains access to that data, it could lead to disastrous results.
Network security is the key to keeping that sensitive information safe, and as more
private data is stored and shared on vulnerable devices, network security will only grow
in importance and necessity.
1.7 Project Scope
This project discusses DMZ and applies DMZ technology to the YottaGate company from
5/11/2020 to 30/2/2020. It discusses implementing DMZ technology.
Reference
https://www.forcepoint.com/cyber-edu/network-security
https://www.barracuda.com/glossary/dmz-network