A DMZ, otherwise known as a demilitarised zone, is a perimeter security network used to prevent external sources on outside networks such as the Internet from attacking an organisation's local area network.
In short, it is the last firewall before you gain access to an organisation's data.
There are two basic designs for a DMZ firewall: The Single Firewall and the Dual Firewall.
The Single Firewall
The single firewall has three network interfaces. The external firewall is formed from the external network to the first network interface; this leads to the second interface, and the DMZ is formed by the link between the second and third interfaces.
The DMZ firewall handles all traffic between the external and internal networks, which makes it a single point of failure.
The Dual Firewall
The dual firewall offers a more secure approach and uses two firewalls. The first, known as the front firewall, allows only traffic destined for the DMZ; the second firewall allows only traffic that flows through the DMZ to reach the internal network.
It is recommended that you use firewalls from two different providers. This makes it harder to break through both walls, because the two firewalls are less likely to suffer from the same security flaws. This option is more costly but is far better and harder to penetrate than a single firewall.
There is a third form of DMZ called a DMZ host. This is generally used on home networks but is not a real DMZ, as it does not separate the host from the internal network. The DMZ host is able to connect to hosts on the internal network, whereas hosts in a real DMZ are separated from the internal network by a firewall and cannot connect to it unless the firewall permits the connection.
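A small model of the dual-firewall design and the DMZ-host case described above, added here as an illustration and not taken from the original page. The address ranges, ports and rule lists are constructed assumptions, and rules describe new connections only, as on a stateful firewall.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the page).
ZONES = {
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/24"),
}
ORDER = ["external", "dmz", "internal"]  # outside to inside

# Allow rules as (src_zone, dst_zone, dst_port); anything else is denied.
FRONT = [("external", "dmz", 443)]   # only traffic destined for the DMZ
BACK = [("dmz", "internal", 5432)]   # only traffic coming from the DMZ
# FIREWALLS[i] sits between ORDER[i] and ORDER[i + 1].
FIREWALLS = [("front", FRONT), ("back", BACK)]


def zone_of(ip):
    """Map an address to its zone; unlisted addresses are external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def evaluate(src_ip, dst_ip, port):
    """Return (allowed, blocking_firewall) for a new connection."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    i, j = ORDER.index(src), ORDER.index(dst)
    # Firewalls crossed, in the order the packet meets them.
    hops = range(i, j) if i < j else range(i - 1, j - 1, -1)
    for h in hops:
        name, rules = FIREWALLS[h]
        if (src, dst, port) not in rules:
            return False, name
    return True, None  # no hops means same zone: no firewall is crossed


if __name__ == "__main__":
    flows = [
        ("203.0.113.7", "192.168.50.10", 443),   # Internet -> DMZ web server
        ("203.0.113.7", "10.0.0.10", 5432),      # Internet -> internal database
        ("192.168.50.10", "10.0.0.10", 5432),    # DMZ server -> internal database
        ("192.168.50.10", "10.0.0.10", 22),      # DMZ server -> internal SSH
        ("10.0.0.50", "10.0.0.10", 22),          # "DMZ host" on the LAN -> internal
    ]
    for flow in flows:
        print(flow, evaluate(*flow))
```

The last flow is the DMZ-host case: the exposed host shares the internal subnet, so no firewall sits between it and the other internal hosts.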