Demilitarized Zone
Classification Key
Perimeter Security, Tampering
Problem
Internet technology systems are regularly subject to attacks against their functionality, resources and information. Using a firewall to protect the system from malicious traffic does not work if the firewall is not configured correctly.
How can we protect the systems from direct attacks?
Solution
Provide a region of the system that is separate from both internal and external users and the internal data and functionality – commonly known as the demilitarized zone (DMZ). Restrict access to the region from outside by limiting network traffic flow to certain physical servers. Use the same technique to restrict access from servers in the DMZ to the internal systems.
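The following is an added example, not part of the original pattern text: a small Python check that a rule set honours the two restrictions described above (outside traffic reaches only named DMZ servers, and DMZ servers reach only named internal systems). The addresses, the rule tuple format and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan and policy (assumptions for illustration).
ZONES = {"dmz": ip_network("192.0.2.0/24"), "internal": ip_network("10.0.0.0/8")}
PUBLISHED = {("192.0.2.10", 443)}               # outside -> DMZ web server
BACKEND = {("192.0.2.10", "10.0.5.20", 5432)}   # DMZ web server -> internal DB

def zone_of(addr):
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "external")

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for action, src_net, dst_net, ports in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and (ports is None or port in ports)):
            return action
    return "deny"

def permitted(src, dst, port):
    """The pattern's intent for inbound flows; other directions are not judged."""
    s, d = zone_of(src), zone_of(dst)
    if s == "external" and d == "internal":
        return False                      # never bypass the DMZ
    if s == "external" and d == "dmz":
        return (dst, port) in PUBLISHED
    if s == "dmz" and d == "internal":
        return (src, dst, port) in BACKEND
    return True

def violations(rules, probes):
    """Probes the rule set allows although the DMZ policy forbids them."""
    return [p for p in probes if decide(rules, *p) == "allow" and not permitted(*p)]

GOOD = [("allow", "0.0.0.0/0", "192.0.2.10/32", {443}),
        ("allow", "192.0.2.10/32", "10.0.5.20/32", {5432})]
# Misconfigured: whole DMZ exposed on every port, DMZ may reach all internal hosts.
LOOSE = [("allow", "0.0.0.0/0", "192.0.2.0/24", None),
         ("allow", "192.0.2.0/24", "10.0.0.0/8", None)]
PROBES = [("203.0.113.7", "192.0.2.10", 443), ("203.0.113.7", "192.0.2.10", 22),
          ("203.0.113.7", "10.0.5.20", 5432), ("192.0.2.10", "10.0.5.20", 5432),
          ("192.0.2.10", "10.0.9.9", 445)]

if __name__ == "__main__":
    print("good :", violations(GOOD, PROBES))
    print("loose:", violations(LOOSE, PROBES))
```

The probe list only samples flows; a rule set that passes these probes is consistent with the policy for those flows, not proven correct for every address and port.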
Known Uses
DMZs provided by Sun, Cisco, Microsoft etc.
Related Patterns
Packet Filter Firewall
Source
Wiley Book
Tags
Firewall, DMZ