Tue Dec 20

What is DMZ in Networking?

We can all agree that the internet is an unsafe public space, so a firewall is a common and essential element for protecting a network. Unfortunately, a firewall alone is sometimes not enough, especially in a business setting where companies gather customers’ confidential information, which often makes them a primary target for attackers.

Oftentimes, communication between employees and stakeholders must stay closed and confidential within a company. For this reason, the intranet must be protected at all costs. However, this does not mean the network must be isolated from the internet, because some tasks can only be carried out over the internet.

Restricting internet access in a network could give a better level of security. This may be true, yet it is not practical: it makes little sense considering how much office work depends on an internet connection.

What is the purpose of DMZ?

This problem mainly arises in an organization where the need for internet access and the need for security on the internet are equally important. Given this, avoiding direct exposure to the unsafe network is a good option. This is the rationale behind the DMZ, which is therefore crucial in bridging the public area (the internet) and the private area (the intranet) as an additional layer of security.

As stated before, a company often needs its services to be accessible to the public via the internet. Web servers, mail servers, and FTP servers are some of the public-facing services placed in this area.

This area is also usually equipped with security features such as an IPS and an IDS, which monitor for unusual traffic or intrusion attempts from outside. Proxy servers are usually placed in this zone as well, acting as intermediaries for access to the internet.

What is DMZ?

The concept of a DMZ in a network is borrowed from the military term for a demilitarized zone, an area in which all military activity is prohibited. In the networking context, the DMZ is the area that allows wider public access according to users’ needs.

It is usually located between the internet and the intranet, separated from each by a firewall. These two firewalls segregate traffic according to its level of importance. This also means that the policy applied to the firewall directly exposed to the internet will be looser than the policy on the firewall bordering the intranet.

Advantages and Disadvantages of DMZ

This position between the two networks brings its own advantages and disadvantages. It makes the DMZ an area that is not as dangerous as the internet, but not as secure as the intranet either. Even so, it offers a great deal of flexibility, which is an advantage.

An important thing to note is that, for this reason, critical information and sensitive data are not placed here. Although several servers usually reside in the DMZ, the database server containing user data is placed in the safer environment (the intranet), where communication between the server and the database is only possible through an application firewall.
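To make the two-firewall layout concrete, here is an added example (not code from the original article) that models the outer and inner firewall policies as rule lists and checks which flows survive both. The zone layout, addresses, host roles and port numbers (web on 80/443, mail on 25, database on 5432, proxy on 3128) are constructed assumptions for illustration; the point is that the outer policy publishes only the DMZ services, while the inner policy lets nothing from the internet through and lets the DMZ application tier reach the database only on its service port.

```python
"""Two-firewall DMZ policy model.

Added example, not code from the original article. The zones, addresses,
hosts and port numbers below are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed address plan: 192.0.2.0/24 (TEST-NET-1) stands in for the DMZ,
# 10.10.0.0/16 for the intranet; anything else is treated as the internet.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),
    "intranet": ip_network("10.10.0.0/16"),
}
ZONE_ORDER = ["internet", "dmz", "intranet"]  # outer FW sits at 0|1, inner FW at 1|2


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_port: Optional[int]  # None matches any destination port
    allow: bool


# Outer firewall (internet | DMZ): the looser policy. Only the published
# DMZ services are reachable from outside; the DMZ may initiate outbound.
OUTER_FW: List[Rule] = [
    Rule("internet", "dmz", 80, True),    # web server
    Rule("internet", "dmz", 443, True),   # web server (TLS)
    Rule("internet", "dmz", 25, True),    # mail server
    Rule("dmz", "internet", None, True),  # proxy and mail relay going out
]

# Inner firewall (DMZ | intranet): the stricter policy. Only the DMZ
# application tier may reach the database, and only on its service port.
# Intranet users reach the internet through the DMZ proxy, never directly.
INNER_FW: List[Rule] = [
    Rule("dmz", "intranet", 5432, True),  # app server -> database
    Rule("intranet", "dmz", None, True),  # staff -> DMZ services / proxy
]


def evaluate(rules: List[Rule], src_zone: str, dst_zone: str, dst_port: int) -> bool:
    """First-match evaluation with an implicit default deny."""
    for r in rules:
        if r.src_zone == src_zone and r.dst_zone == dst_zone and r.dst_port in (None, dst_port):
            return r.allow
    return False


def firewalls_on_path(src_zone: str, dst_zone: str) -> List[List[Rule]]:
    """Which firewalls a flow crosses, given the zone order internet-dmz-intranet."""
    lo, hi = sorted((ZONE_ORDER.index(src_zone), ZONE_ORDER.index(dst_zone)))
    path = []
    if lo <= 0 < hi:
        path.append(OUTER_FW)
    if lo <= 1 < hi:
        path.append(INNER_FW)
    return path


def is_allowed(src: str, dst: str, dst_port: int) -> bool:
    """A flow is allowed only if every firewall on its path allows it."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True  # same zone: no firewall in between
    return all(evaluate(fw, src_zone, dst_zone, dst_port)
               for fw in firewalls_on_path(src_zone, dst_zone))


if __name__ == "__main__":
    checks = [
        ("203.0.113.5", "192.0.2.10", 443),   # internet -> DMZ web server
        ("203.0.113.5", "10.10.1.20", 5432),  # internet -> intranet database
        ("192.0.2.10", "10.10.1.20", 5432),   # DMZ app server -> database
        ("192.0.2.10", "10.10.1.20", 22),     # DMZ app server -> database, SSH
        ("10.10.1.5", "203.0.113.5", 443),    # intranet user -> internet directly
        ("10.10.1.5", "192.0.2.30", 3128),    # intranet user -> DMZ proxy
    ]
    for src, dst, port in checks:
        verdict = "ALLOW" if is_allowed(src, dst, port) else "DENY"
        print(f"{src:>13} -> {dst:<13}:{port:<5} {verdict}")
```

Running it shows the shape the article describes: the internet reaches only the published DMZ ports, a flow from the internet to the intranet is dropped at the outer firewall before the inner one is even consulted, a compromised DMZ web server can still only talk to the database on 5432, and intranet users get to the internet via the DMZ proxy rather than directly.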

What is the DMZ host in the router?

In router configurations for home networks, you might find a feature called a DMZ host. Strictly speaking, the name is inaccurate, because a true DMZ should not be able to communicate with other hosts on the local area network (intranet) unless the firewall allows it.

In contrast, a DMZ host allows a host designated as the DMZ to keep communicating with the local area network. Hence, it won’t provide you with the extra layer of security that a DMZ subnet does.

If so, why does the feature exist? It is usually used under certain conditions, for example to access a closed-circuit television (CCTV) camera connected to the internet, commonly called an IP camera. By setting it as the DMZ host, the camera becomes accessible from anywhere via the internet.

From a security standpoint, this is not recommended for the reasons stated above: allowing the host to remain connected to the other hosts creates a new security gap. A better alternative is port forwarding. Unfortunately, port forwarding requires configuration that can be quite difficult, especially for the inexperienced.
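The difference between a router’s DMZ host and a port forward is easiest to see as a question of how many of the camera’s ports end up reachable from the internet. The following is an added example, not code from the original article or any router vendor: it models the router’s inbound decision (explicit forwards first, then the DMZ host, then drop) and counts the exposed ports. The LAN address, the camera’s three listening ports (web UI, RTSP stream, and a management port) and the port numbers are constructed assumptions.

```python
"""Consumer router 'DMZ host' vs. port forwarding.

Added example, not code from the original article. The camera's address
and its listening ports are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed home LAN. The camera listens on its web UI (80), its RTSP
# video stream (554) and a management port (23) we would rather not publish.
CAMERA = "192.168.1.50"
CAMERA_LISTENING: Set[int] = {80, 554, 23}


@dataclass
class RouterConfig:
    dmz_host: Optional[str] = None
    # wan_port -> (lan_ip, lan_port)
    port_forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)


def inbound_target(cfg: RouterConfig, wan_port: int) -> Optional[Tuple[str, int]]:
    """Where an unsolicited inbound connection to the router's WAN port lands.

    Explicit forwards win; everything else goes to the DMZ host if one is set,
    otherwise it is dropped at the router (None).
    """
    if wan_port in cfg.port_forwards:
        return cfg.port_forwards[wan_port]
    if cfg.dmz_host is not None:
        return (cfg.dmz_host, wan_port)
    return None


def ports_exposed(cfg: RouterConfig, host: str, listening: Set[int]) -> List[int]:
    """Listening ports on `host` that an internet client can reach through the router."""
    reached = set()
    for wan_port in range(1, 65536):
        target = inbound_target(cfg, wan_port)
        if target is not None and target[0] == host and target[1] in listening:
            reached.add(target[1])
    return sorted(reached)


# The two ways of publishing the camera's video stream discussed in the text.
DMZ_HOST_CFG = RouterConfig(dmz_host=CAMERA)
PORT_FORWARD_CFG = RouterConfig(port_forwards={554: (CAMERA, 554)})
# A forward may also remap the public port; only the LAN-side port matters.
REMAPPED_FORWARD_CFG = RouterConfig(port_forwards={8554: (CAMERA, 554)})

if __name__ == "__main__":
    for label, cfg in [("DMZ host", DMZ_HOST_CFG), ("port forward", PORT_FORWARD_CFG)]:
        exposed = ports_exposed(cfg, CAMERA, CAMERA_LISTENING)
        print(f"{label:>13}: ports on the camera reachable from the internet = {exposed}")
```

With the camera as DMZ host every port it listens on, including the management port, is published; with a single forward only the stream port is. Note that in both cases the camera is still an ordinary member of the LAN, so the forward narrows the gap the article describes rather than closing it; only a separate DMZ subnet behind a firewall, as in the company layout above, actually isolates the exposed device from the other hosts.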

Summary

In computing, a DMZ is a subnetwork, usually used by a company, that exposes services to untrusted networks like the internet. This subnetwork is usually placed as a bridge between two firewalls, one adjacent to the internet and one adjacent to the intranet (local area network). The DMZ plays a vital role in facilitating public access to the services offered by the company thanks to its less restrictive firewall policy.