



Demilitarized Zone


Classification Key: Perimeter Security, Tampering

Problem

Internet technology systems are regularly subject to attacks against their functionality, resources and information. Using a firewall to protect the system from malicious traffic does not work if the firewall is not configured correctly. How can we protect the systems from direct attacks?

Solution

Provide a region of the system that is separate from internal and external users as well as from the internal data and functionality, commonly known as the demilitarized zone (DMZ). Restrict access to the region from outside by limiting network traffic flow to certain physical servers. Use the same technique to restrict access from servers in the DMZ to the internal systems.
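
One way to check a firewall rule set against this pattern, as an added example that is not part of the original catalog entry. The zone names, host names, ports and the `Rule` layout are assumptions made for illustration, and the rule set is constructed sample data.

```python
# Added example: audit allow rules against the DMZ pattern.
# Zone names, hosts, ports and the Rule layout are assumptions, not from the catalog.
from typing import NamedTuple

ANY = "any"

class Rule(NamedTuple):
    src_zone: str
    src_host: str
    dst_zone: str
    dst_host: str
    port: int

def audit(rules):
    """Return (rule, reason) findings for allow rules that break the DMZ pattern."""
    findings = []
    for r in rules:
        if r.src_zone == "external" and r.dst_zone == "internal":
            findings.append((r, "external traffic reaches internal systems directly"))
        elif r.src_zone == "external" and r.dst_zone == "dmz" and r.dst_host == ANY:
            findings.append((r, "external access not limited to a named DMZ server"))
        elif r.src_zone == "dmz" and r.dst_zone == "internal":
            if r.src_host == ANY:
                findings.append((r, "any DMZ host may open connections inward"))
            elif r.dst_host == ANY:
                findings.append((r, "DMZ server may reach every internal system"))
    return findings

# Constructed rule set: allow rules only, all other traffic is dropped by default.
SAMPLE_RULES = [
    Rule("external", ANY, "dmz", "web01", 443),       # ok: one published server
    Rule("dmz", "web01", "internal", "db01", 5432),   # ok: one server to one backend
    Rule("external", ANY, "internal", "db01", 5432),  # bypasses the DMZ
    Rule("external", ANY, "dmz", ANY, 22),            # whole DMZ exposed
    Rule("dmz", ANY, "internal", "db01", 5432),       # any DMZ host may go inward
    Rule("dmz", "web01", "internal", ANY, 445),       # DMZ server sees all internal
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(f"VIOLATION {rule.src_zone}/{rule.src_host} -> "
              f"{rule.dst_zone}/{rule.dst_host}:{rule.port}: {reason}")
```

A check like this can run before a rule change is deployed, which addresses the misconfiguration risk named in the Problem section.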

Known Uses

DMZs provided by Sun, Cisco, Microsoft, etc.

Related Patterns

Packet Filter Firewall

Source

Wiley Book

Tags

Firewall, DMZ


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz