A DMZ or demilitarized zone is a perimeter network that protects and adds an extra layer of security to an organization’s internal local-area network from untrusted traffic. The purpose of a DMZ is to add an additional layer of security to an organization’s local area network (LAN); an external attacker only has access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term “demilitarized zone”, an area between nation states in which military action is not permitted.
It is common practice to have a firewall and demilitarized zone (DMZ) on your network but many people n even IT professionals n don’t really understand why, except for some vague idea of semi-security. Most businesses that host their own servers operate their networks with a DMZ located at the perimeter of their network, usually operating on a separate firewall as a semi-trusted area for systems that interface with the outside world.
Why DMZ Exists?
To maintain real security, it is important to clearly understand the purpose of a DMZ.
Most firewalls are network-level security devices, usually an appliance or an appliance in combination with network equipment. They are intended to provide a granular means of access control at a key point in a business network. A DMZ is an area of your network that is separated from your internal network and the Internet but is connected to both.
A DMZ is intended to host systems that must be accessible to the Internet but in different ways than your internal network. The degree of availability to the Internet at the network level is controlled by the firewall. The degree of availability to the Internet at the application level is controlled by software n really a combination of Web server, operating system, custom application, and often database software.
The DMZ typically allows restricted access from the Internet and from the internal network. Internal users must typically access systems within the DMZ to update information or to use data gathered or processed there. The DMZ is intended to allow the public access to information through the Internet, but in limited ways. But since there is exposure to the Internet and a world of ingenious people, there is an ever present risk that these systems can be compromised.
The impact of compromise is twofold: first, information on the exposed system(s) could be lost (i.e., copied, destroyed, or corrupted) and second, the system itself may be used as a platform for further attacks to sensitive internal systems.
To mitigate the first risk, the DMZ should allow access only through limited protocols (e.g., HTTP for normal Web access and HTTPS for encrypted Web access). Then the systems themselves must be configured carefully to provide protection through permissions, authentication mechanisms, careful programming, and sometimes encryption.
Think about what information your website or application will be gathering and storing. That is what can be lost if systems are compromised through common Web attacks such as an SQL injection, buffer overflows or incorrect permissions.
To mitigate the second risk, DMZ systems should not be trusted by systems deeper on the internal network. In other words, DMZ systems should know nothing about internal systems though some internal systems may know about DMZ systems. In addition, DMZ access controls should not allow DMZ systems to initiate any connections further into the network. Instead, any contact to DMZ systems should be initiated by internal systems. If a DMZ system is compromised as an attack platform, the only systems visible to it should be other DMZ systems.