Demilitarized Zone (DMZ) Networks
Firewalls can be arranged to form a DMZ
A DMZ is required only if an organisation has servers that it needs to make available to the outside world. For this, the firewall has at least three network interfaces.
One interface connects to the internal private network, the second connects to the external public network (i.e. the Internet), and the third connects to the public servers (which form the DMZ network).
- The main advantage of this scheme is that access to any service on the DMZ can be restricted.
e.g., if the web server is the only essential service, we can limit the traffic in and out of the DMZ network to the HTTP and HTTPS protocols. All other traffic can be filtered, and the internal private system is in no way directly connected to the DMZ. So even if an attacker somehow manages to break into the DMZ, the internal private network is safe and out of the attacker's reach.
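The three-interface scheme above, written as an nftables ruleset. This is an added example, not part of the original notes; the interface names, the 203.0.113.10 web server address and the `dmz_fw` table name are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: three-interface firewall with a DMZ, expressed as nftables rules.
# Assumed layout (not from the original text):
#   eth0 = external public network (Internet)
#   eth1 = internal private network
#   eth2 = DMZ holding a single web server at 203.0.113.10 (constructed address)
flush ruleset

define WAN = "eth0"
define LAN = "eth1"
define DMZ = "eth2"
define WEB_SERVER = 203.0.113.10

table inet dmz_fw {
    chain forward {
        # Default deny: any forwarded traffic not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Allow replies belonging to connections already permitted; drop invalid packets.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only HTTP/HTTPS to the web server, the "only essential service".
        iifname $WAN oifname $DMZ ip daddr $WEB_SERVER tcp dport { 80, 443 } ct state new accept

        # Internal -> Internet: ordinary outbound access for internal users.
        iifname $LAN oifname $WAN ct state new accept

        # Internal -> DMZ: internal users may use the same two service ports.
        iifname $LAN oifname $DMZ ip daddr $WEB_SERVER tcp dport { 80, 443 } ct state new accept

        # DMZ -> Internal is never allowed, so a compromised DMZ host cannot reach the
        # private network; logged explicitly because this is the event worth alerting on.
        iifname $DMZ oifname $LAN log prefix "DMZ-to-LAN blocked: " counter drop

        # Internet -> Internal and everything else fall through to the drop policy; log it.
        log prefix "fw forward drop: " counter drop
    }
}
```

Connections initiated from the DMZ itself (for example the web server fetching updates) are also dropped by this ruleset and would need their own narrowly scoped rule; no interface on the firewall ever forwards traffic from the DMZ into the internal network.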
Limitations of Firewalls:
- Insider Intrusion: If an inside user attacks the internal network in some way, the firewall cannot prevent such an attack.
- Direct Internet Traffic: A firewall must be configured as the only entry-exit point of an organisation's network. If instead the firewall is only one of several entry-exit points, a user can bypass the firewall and exchange information with the Internet via the other entry-exit points. This opens up the possibility of attacks on the internal network through those points.
- Virus Attack: A firewall cannot protect the internal system from viruses.