Why do we need a demilitarized zone in a network?

Thidasala Demintha Rathnayake
3 min read · Dec 3, 2020

A demilitarized zone, or DMZ for short, is used to improve the security of an organization’s network by segregating devices such as computers and servers on opposite sides of a firewall. In effect, it creates two separate networks. The question is: why do we need a demilitarized zone, and how does it improve security?

Let’s take an example. We have a network that belongs to a company, and this company has computers and servers behind its firewall. These servers could be a web server and an email server, and they need to be accessible to people over the internet so that the company can stay in business.

Since these servers are behind the company’s firewall, they are within the company’s private network. The company is now letting people into its private network, through its firewall, from an untrusted network such as the internet. This is a security concern because, while people are accessing these servers, hackers could use the same opening to cause havoc on the company’s network, since they have already passed the firewall. They can then try to access other sensitive resources behind the firewall, such as a database server where sensitive data is kept. Hackers may even try to plant a virus, so this is a big security concern for the organization.

To avoid this kind of security issue, the company can move the web and email servers out of its internal network and keep them on the opposite side of the firewall for public access. The servers would still be in the same building, but they would be on the other side of the firewall. People accessing them can no longer reach the company’s sensitive data, which stays behind the company’s internal firewall. These servers are now out in front, facing the internet and fully exposed. This is called a demilitarized zone.

We say that these servers are now in a perimeter network, and this perimeter network can also act as a screened network where malicious activity can be detected before it gets past the firewall and into the company’s internal network. A DMZ divides a network into two parts by taking devices from inside the firewall and putting them outside it.

The DMZ setup described here uses only one firewall, but a more secure DMZ uses two firewalls, with the extra firewall placed in front of the DMZ. This second firewall adds an extra layer of protection: it makes sure that only legitimate traffic can reach the DMZ, and it makes it much harder for hackers to penetrate the company’s internal network, because they would have to get through two different firewalls.
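As an added example (not from the original post), this is what the single-firewall DMZ described above looks like as an nftables ruleset on a firewall with three interfaces. The interface names, addresses and published ports are assumptions; the point is that the internet can reach only the published services, and the DMZ can never open a connection into the internal network.

```nftables
#!/usr/sbin/nft -f
# Constructed example: single-firewall ("three-legged") DMZ.
# Interface names and addresses below are assumptions, not from the post.
flush ruleset

define WAN  = "eth0"          # untrusted side: the internet
define DMZ  = "eth1"          # perimeter network, 203.0.113.0/24
define LAN  = "eth2"          # internal network, 192.168.10.0/24
define WEB  = 203.0.113.10    # public web server in the DMZ
define MAIL = 203.0.113.25    # public mail server in the DMZ

table inet dmz {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that one of the rules below already allowed
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published services, only on the published hosts
        iifname $WAN oifname $DMZ ip daddr $WEB  tcp dport { 80, 443 } ct state new accept
        iifname $WAN oifname $DMZ ip daddr $MAIL tcp dport { 25, 587 } ct state new accept

        # Internal -> DMZ: staff may reach the servers (administration, webmail)
        iifname $LAN oifname $DMZ ct state new accept

        # Internal -> Internet
        iifname $LAN oifname $WAN ct state new accept

        # DMZ -> Internet: only what the mail server needs (outbound SMTP, DNS)
        iifname $DMZ oifname $WAN ip saddr $MAIL tcp dport 25 ct state new accept
        iifname $DMZ oifname $WAN udp dport 53 ct state new accept

        # DMZ -> Internal is never opened, so a compromised DMZ host cannot
        # pivot to the database server or workstations. Log every attempt:
        # a DMZ host trying to reach the LAN is a strong sign of compromise.
        iifname $DMZ oifname $LAN log prefix "DMZ-to-LAN attempt: " drop

        # Internet -> Internal has no rule and falls through to "policy drop".
    }
}
```

The two-firewall variant from the text splits this into a front firewall that holds only the Internet -> DMZ rules and a back firewall that holds the LAN rules and the DMZ -> LAN drop, so an attacker who defeats the first still faces the second.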

One common use of a DMZ at home is to put a gaming console such as an Xbox or PlayStation in it by configuring it as the DMZ host. This is done because these consoles are often used for online gaming, and gamers don’t want any interference from the firewall, nor do they want to deal with port-forwarding configuration, which can be a hassle. They can simply go into the DMZ settings of the router and enter the gaming console’s IP address as the DMZ host. It is also important to note that the device in the DMZ should be configured with a static IP rather than a dynamic IP. In this setup the home router serves as the firewall, and the computers are safe behind the router’s firewall. But, as I mentioned above, the gaming console is on the opposite side of the router’s firewall, placed in the DMZ and fully exposed to the internet.

So, in conclusion, that is what a DMZ means: a demilitarized zone. In the real world it is an area where the military is forbidden; in the computing world, it is where firewall protection is forbidden.


Thidasala Demintha Rathnayake

Software Engineer @ WSO2, Undergraduate of University of Kelaniya