Public DMZ Network
A DMZ is a perimeter network that separates an organization’s public and private networks. Its main objective is to let an organization access untrusted networks, such as the Internet, securely. A DMZ thus isolates internal, private networks from untrusted networks, preventing unauthorized access to the former.
With a DMZ in place, we can classify the Internet as an untrusted domain, the demilitarized zone as semi-trusted, and the private network as trusted. Firewalls control the network traffic entering and leaving the system.
There are two types of DMZ: the double-firewalled architecture and the single-firewalled architecture.
In the double-firewalled architecture, there are two firewall instances, which are independent of each other.
The main difference is that, in the single-firewalled architecture, the firewall is a single point of failure.
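The following added example (not part of the original page) models both architectures as default-deny zone policies and shows one consequence of the single point of failure: the same mistaken rule exposes the private network behind a single firewall, but not behind two independent ones. The zone names follow the text above; the ports, rules, and the names `Firewall`, `reachable`, `single_firewall`, `double_firewall` and `BAD_RULE` are assumptions made for illustration.

```python
# Added example. Zone names follow the page; ports and rules are constructed.
BAD_RULE = ("internet", "internal", 5432)  # constructed misconfiguration


class Firewall:
    """Default-deny filter between 'legs' (groups of zones behind one interface)."""

    def __init__(self, legs, rules):
        self.legs = legs
        self.rules = set(rules)  # entries are (src_zone, dst_zone, dst_port)

    def _leg(self, zone):
        return next(i for i, leg in enumerate(self.legs) if zone in leg)

    def permits(self, src, dst, port):
        if self._leg(src) == self._leg(dst):
            return True  # the flow does not cross this firewall
        return (src, dst, port) in self.rules


def reachable(firewalls, src, dst, port):
    """A flow gets through only if every firewall in the design permits it."""
    return all(fw.permits(src, dst, port) for fw in firewalls)


def single_firewall(extra=()):
    """One three-legged firewall: Internet, DMZ and private network each on a leg."""
    rules = [("internet", "dmz", 443), ("dmz", "internal", 5432),
             ("internal", "internet", 443), *extra]
    return [Firewall([{"internet"}, {"dmz"}, {"internal"}], rules)]


def double_firewall(extra_outer=()):
    """Outer firewall faces the Internet; inner firewall guards the private network."""
    outer = Firewall([{"internet"}, {"dmz", "internal"}],
                     [("internet", "dmz", 443), ("internal", "internet", 443),
                      *extra_outer])
    inner = Firewall([{"internet", "dmz"}, {"internal"}],
                     [("dmz", "internal", 5432), ("internal", "internet", 443)])
    return [outer, inner]


if __name__ == "__main__":
    for name, design in [("single", single_firewall([BAD_RULE])),
                         ("double", double_firewall([BAD_RULE]))]:
        print(name, "internet->internal:5432 =", reachable(design, *BAD_RULE))
```
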
Benefits of a DMZ:
Network Access Control: in a DMZ, it is possible to limit and track access to the organization’s public and private networks.
Network Scanning Avoidance: a DMZ exposes the systems intended to be public, preventing the scanning of systems designed only for internal use.
Performance Improvements: a DMZ can reduce the load on the private network, improving the performance of systems running there.