  1. DMZ: Level of defence in private network. Shaikh Fozia Shahbaz khan
  2. Learning Objectives
     - Definition
     - Perimeter Security Topologies
     - Architecture
     - Security Firewalls
     - DMZ host
     - Services
     - Goals
     - Tunneling in network security
     - Conclusion
  3. DMZ: Portion of the network between the border router and the non-public computing services
  4. Contd. In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.
  5. Perimeter Security Topologies
     - Any network that is connected (directly or indirectly) to your organization, but is not controlled by your organization, represents a risk.
     - Include demilitarized zones (DMZs), extranets, and intranets
     - continued…
  6. Trusted Networks
  7. Semi-Trusted Networks
  8. Untrusted Networks
  9. Unknown Networks
  10. Architecture: Single firewall
  11. Dual firewall
  12. Network Address Translation (NAT)
     - Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
     - Provides a type of firewall by hiding internal IP addresses
     - Enables a company to use more internal IP addresses.
  13. Creating and Developing Your Security Design
     - Control secrets - What knowledge would enable someone to circumvent your system?
     - Know your weaknesses and how they can be exploited
     - Limit the scope of access - create appropriate barriers in your system so that if intruders access one part of the system, they do not automatically have access to the rest of the system.
     - Understand your environment - Auditing tools can help you detect those unusual events.
     - Limit your trust: people, software and hardware
  14. DMZ Security Firewalls
     - Firewall functions
     - Interaction of firewalls with data
  15. DMZ host
  16. Services: Typically contains devices accessible to Internet traffic
     - Web (HTTP) servers
     - FTP servers
     - SMTP (e-mail) servers
     - DNS servers
  17. DMZ Design Goals
     - Filtering DMZ traffic would identify traffic coming in from the DMZ interface of the firewall or router that appears to have a source IP address on a network other than the DMZ network number (spoofed traffic).
     - The firewall or router should be configured to initiate a log message or rule alert to notify the administrator.
  18. Tunneling
     - Enables a network to securely send its data through untrusted/shared network infrastructure
     - Encrypts and encapsulates a network protocol within packets carried by a second network
     - Replacing WAN links because of security and low cost
     - An option for most IP connectivity requirements
  19. CONCLUSION
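
The spoofed-traffic check from the DMZ Design Goals slide, written out as an added example that is not part of the original slides: it scans firewall log lines for packets that arrive on the DMZ interface with a source address outside the DMZ network and raises an alert for each. The interface name `dmz0`, the subnet `192.0.2.0/24` and the netfilter-style log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example (not from the slides): interface name and subnet.
DMZ_INTERFACE = "dmz0"
DMZ_NETWORK = ipaddress.ip_network("192.0.2.0/24")

# Constructed sample log lines in a netfilter-style KEY=value layout.
SAMPLE_LOG = """\
Jan 10 09:00:01 fw kernel: IN=dmz0 OUT=wan0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=443 DPT=51514
Jan 10 09:00:02 fw kernel: IN=dmz0 OUT=lan0 SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP SPT=40000 DPT=445
Jan 10 09:00:03 fw kernel: IN=wan0 OUT=dmz0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=55000 DPT=443
Jan 10 09:00:04 fw kernel: IN=dmz0 OUT=wan0 SRC=203.0.113.50 DST=198.51.100.9 PROTO=UDP SPT=53 DPT=53
Jan 10 09:00:05 fw kernel: IN=dmz0 OUT=wan0 SRC=not-an-ip DST=198.51.100.9 PROTO=UDP SPT=53 DPT=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_fields(line):
    """Extract KEY=value pairs from one log line into a dict."""
    return dict(FIELD_RE.findall(line))


def check_line(line):
    """Return an alert string if the line shows spoofed DMZ traffic, else None."""
    fields = parse_fields(line)
    if fields.get("IN") != DMZ_INTERFACE:
        return None  # only traffic entering through the DMZ interface is checked
    src = fields.get("SRC", "")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # A source that does not parse cannot be shown to belong to the DMZ.
        return f"ALERT unparseable source {src!r} on {DMZ_INTERFACE}"
    if addr in DMZ_NETWORK:
        return None  # legitimate DMZ host
    return (f"ALERT spoofed source {addr} on {DMZ_INTERFACE} "
            f"(expected {DMZ_NETWORK}) dst={fields.get('DST')}")


def find_spoofed(log_text):
    """Return the alerts for every spoofed line in the log text."""
    return [a for a in map(check_line, log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in find_spoofed(SAMPLE_LOG):
        print(alert)
```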