Subject: Advanced Networking Technologies

Difficulty: Medium

Marks: 10 marks

1. DMZ is a military term that refers to an area or a boundary between two or more military powers where the military activities are prohibited
2. Similarly, DMZ in computer networking is defined as a subnetwork that provides services and information to an organization over the internet
3. DMZ build’s additional layer o security of LAN
4. The service provides (hosts) email server, web server and DNS server that provide services outside LAN are prone to external attacks
5. These providers/hosts are placed within their subnetwork to protect the whole network from external attacks
6. The hosts within the DMZ subnetwork provide services to both the internal and external attacks

Services in DMZ

1. Web Server
   • Serves the webpages using HTTP
   • This may communicate with internal data base
   • Database services cannot be accessed publicly
   • An application firewall is placed between web servers and data base servers
   • This approach is complex to implement but provides more security
2. Mail Servers
   • Use client-server architecture
   • To transfer email
   • Mail server placed in hidden area in DMZ, for maintaining confidentiality
3. Proxy Servers
   • Filters the request from the clients and then provide response to client’s request
   • Filtering done through IP addresses and protocols
   • Proxy servers placed between computers of clients and other servers
   • The use of proxy servers simplifies monitoring and recording of user activities and blocks local access to unauthorized contents
   • Helps in reducing bandwidth

Architecture of DMZ

Two Types of architecture

1. Single Firewall Model

   • Consists of at least three network interfaces
     • The external network interface
     • The internal network internal
     • DMZ network interface
   • Both external and internal network are interfaced to DMZ through single firewall
   • If firewall does not function properly network fails

1. Dual Firewall Model

   • Consists of three interfaces with two firewall
   • In first firewall is to allow traffic only from external network to DMZ
   • Two firewall allows traffic only from DMZ to internal network
   • First firewall handles more traffic
   • If intruder manages to beak the security by first firewall, then it will require more time to break through second firewall
   • This is effective model but expensive

Transparent Proxy:

• The proxy service passes data between the gateway and the host.
• The proxy service passes data between the two connections.
• The proxy server logs the connection information.
• Application proxies cancel the identity of the host,So the user never knows the identity or IP address of the server, Where the application resides.
• Application proxies have to be set up for each required service such as HTTP or FTP which can make configurations complex, application proxies can provide a high level of security.