DMZ
Level of defence in private network

Shaikh Fozia
Shahbaz khan
Learning Objectives

   Definition
   Perimeter Security Topologies
   Architecture
   Security Firewalls
   DMZ host
   Services
   Goals
   Tunneling in network security
   Conclusion
DMZ

   Portion of the network between the border
    router and the non-public computing
    services
Contd.

   In computer networks, a DMZ
    (demilitarized zone) is a computer host or
    small network inserted as a "neutral zone"
    between a company's private network and
    the outside public network.
Perimeter Security Topologies

   Any network that is connected (directly or
    indirectly) to your organization, but is not
    controlled by your organization, represents a
    risk.
   Include demilitarized zones (DMZs), extranets,
    and intranets

continued…
Trusted Networks
Semi-Trusted Networks
Untrusted Networks
Unknown Networks
Architecture




Single firewall
Dual firewall
Network Address Translation (NAT)

    Internet standard that enables a LAN to use
     one set of IP addresses for internal traffic
     and a second set for external traffic
    Provides a type of firewall by hiding
     internal IP addresses
    Enables a company to use more internal IP
     addresses.
Creating and Developing Your Security Design
   Control secrets - What knowledge would enable someone
    to circumvent your system?
   Know your weaknesses and how they can be exploited
   Limit the scope of access - create appropriate barriers in
    your system so that if intruders access one part of the
    system, they do not automatically have access to the rest
    of the system.
   Understand your environment - Auditing tools can help
    you detect those unusual events.
   Limit your trust: people, software and hardware
DMZ Security Firewalls

   Firewall functions
   Interaction of firewalls
    with data
DMZ host
Services

   Typically contains devices accessible to
    Internet traffic
    
        Web (HTTP) servers
       FTP servers
       SMTP (e-mail) servers
       DNS servers
DMZ Design Goals

   Filtering DMZ traffic would identify
       traffic coming in from the DMZ interface of
        the firewall or router that appears to have a
        source IP address on a network other than the
        DMZ network number (spoofed traffic).
   The firewall or router should be configured
    to initiate a log message or rule alert to
    notify the administrator
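
The spoofed-traffic check described on this slide, as an added example that is not part of the original deck: it flags records that arrive on the DMZ interface with a source address outside the DMZ network and raises a log alert for each. The interface name `dmz0`, the DMZ network `192.0.2.0/24`, the record format and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import logging

# Assumed addressing for this example (RFC 5737 documentation ranges).
DMZ_INTERFACE = "dmz0"
DMZ_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

log = logging.getLogger("dmz-antispoof")


def parse_record(line):
    """Parse 'in=<iface> src=<ip> dst=<ip>' into a dict; None if malformed."""
    fields = dict(part.split("=", 1) for part in line.split() if "=" in part)
    if not {"in", "src", "dst"} <= set(fields):
        return None
    return fields


def is_spoofed(record):
    """True when a packet entered on the DMZ interface with a non-DMZ source."""
    if record["in"] != DMZ_INTERFACE:
        return False  # this check only covers the DMZ-facing interface
    try:
        src = ipaddress.ip_address(record["src"])
    except ValueError:
        return True  # unparseable source on the DMZ interface: treat as suspect
    # An IPv6 source never matches an IPv4 DMZ network, so it is flagged too.
    return not any(src in net for net in DMZ_NETWORKS)


def scan(lines):
    """Return one alert string per spoofed record and log each as a warning."""
    alerts = []
    for line in lines:
        record = parse_record(line)
        if record is None:
            continue  # skip lines that lack in/src/dst fields
        if is_spoofed(record):
            msg = f"SPOOF in={record['in']} src={record['src']} dst={record['dst']}"
            log.warning(msg)  # the "log message or rule alert" for the administrator
            alerts.append(msg)
    return alerts


# Constructed sample records, not captured traffic.
SAMPLE = [
    "in=dmz0 src=192.0.2.10 dst=198.51.100.7",  # legitimate DMZ server
    "in=dmz0 src=10.0.0.5 dst=198.51.100.7",    # internal address on the DMZ side
    "in=dmz0 src=203.0.113.9 dst=10.0.0.5",     # outside address on the DMZ side
    "in=wan0 src=203.0.113.9 dst=192.0.2.10",   # Internet-facing interface: out of scope
    "in=dmz0 src=not-an-ip dst=10.0.0.5",       # malformed source address
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    for alert in scan(SAMPLE):
        print(alert)
```
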
Tunneling




   Enables a network to securely send its data through untrusted/shared
    network infrastructure
   Encrypts and encapsulates a network protocol within packets carried
    by a second network
   Replacing WAN links because of security and low cost
   An option for most IP connectivity requirements
CONCLUSION
