What Is a DMZ and How Does It Work?
A DMZ is a secure server that adds an extra layer of security to a network and acts as a buffer between a local area network (LAN) and a less secure network, the Internet. A DMZ server is known as a Data Management Zone and provides secure services to LAN users for email, Web applications, FTP, and other applications that require access to the Internet. DMZ in networking takes its name from the demilitarized zone, land that the military uses as a barrier against the enemy.
How Does a DMZ Work?
A DMZ is a management server placed on the network with multiple network interfaces, each playing a specific role in protecting the LAN. IT administrators use a 4-port Ethernet card in the firewall to create a series of networks: an internal trusted network, the DMZ network, and the untrusted network, which is the Internet.
Multiple DMZ networks are created to limit the damage to the system if one of the DMZ hosts is compromised for any reason. Although a regular network firewall is installed to protect the LAN, a DMZ establishes rules for protecting the DMZ network from the Internet. It also establishes rules for protecting the LAN from the DMZ in the event the DMZ is compromised. This provides added protection against attackers who try to breach the LAN.
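To make the two rule sets concrete, here is an added Python model of the three-zone policy (example code written for this page, not from the original article): Internet traffic may reach only the published DMZ services, and nothing from the DMZ or the Internet may open a connection into the LAN. The address ranges, port lists and helper names are assumptions.

```python
"""Three-zone firewall policy model: LAN, DMZ and Internet (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan behind the multi-port firewall (constructed, not from the article).
ZONES = {
    "lan": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),  # TEST-NET-1 stands in for the public-facing range
}

def zone_of(ip: str) -> str:
    """Map an address to the zone it belongs to; anything unknown is the Internet."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: frozenset  # TCP destination ports the rule covers; empty means any port
    action: str       # "accept" or "drop"

# First-match policy: an Internet->DMZ allow list, a DMZ->LAN block, default deny for the rest.
POLICY = [
    Rule("internet", "dmz", frozenset({25, 80, 443}), "accept"),  # only the published services
    Rule("internet", "lan", frozenset(), "drop"),                 # the Internet never reaches the LAN
    Rule("dmz", "internet", frozenset({25, 53}), "accept"),       # outbound mail and DNS only
    Rule("dmz", "lan", frozenset(), "drop"),                      # a compromised DMZ host cannot pivot inward
    Rule("lan", "dmz", frozenset(), "accept"),                    # users reach the DMZ services
    Rule("lan", "internet", frozenset(), "accept"),
]

def decide(src_ip: str, dst_ip: str, dport: int, policy=POLICY) -> str:
    """Return the first matching rule's action for a new TCP connection, or drop."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in policy:
        if rule.src == src and rule.dst == dst and (not rule.ports or dport in rule.ports):
            return rule.action
    return "drop"

def lan_is_isolated(policy=POLICY) -> bool:
    """Audit check: no rule may accept new connections into the LAN from outside it."""
    return not any(r.dst == "lan" and r.src != "lan" and r.action == "accept" for r in policy)

if __name__ == "__main__":  # constructed flows: web visitor, SSH probe, DMZ host reaching for a LAN share
    for flow in [("203.0.113.7", "192.0.2.10", 443), ("203.0.113.7", "192.0.2.10", 22), ("192.0.2.10", "10.0.0.5", 445)]:
        print(flow, "->", decide(*flow))
    print("LAN isolated:", lan_is_isolated())
```

The `lan_is_isolated` check is the kind of audit a defender runs against a real rule set before deployment: any accept rule into the LAN from the DMZ or the Internet defeats the second rule set the article describes.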
DMZ Host Security
Because the DMZ management server network acts as a buffer zone between the LAN and the Internet, it is a less secure network than the internal network. For this reason, added security measures are taken for a DMZ host: disabling unnecessary services, running the necessary services with reduced privileges, removing any unnecessary user accounts, and making sure the DMZ has the latest security updates and patches. Although there are computers that have access to the DMZ, a security breach there will not compromise the entire network as it would if the entire network were accessible from the Internet.
Another method used to secure a DMZ network is a "honeypot" or "honeynet", a network of computers constructed for the purpose of luring attackers. The attackers are caught and tracked in the computers connected to the honeypot, which diverts them away from the authentic resources.
The computers that make up the honeypot are actually virtual machines embedded in a single machine. Network administrators then deploy intrusion detection systems and other monitoring systems on the honeypot to discover the identity of the attackers and some of the techniques they are using.