Definition of DMZ
DMZ is short for Demilitarized Zone: a network segment through which outsiders can communicate with services that are still part of the organization's network. It is a subnetwork kept separate from the internal subnetwork for security purposes.
We already know that web servers and mail servers, like any server that is meant to be reached from outside, can be accessed from anywhere in the world over the internet.
That exposure is exactly what makes both of them vulnerable to attack. Whoever owns or runs a mail server or web server must therefore protect it with multiple layers of defence in the network, so that an attacker who breaks into the server does not obtain important data that could harm the owner or everyone connected to the server.
The name DMZ or Demilitarized Zone comes from the zones between countries in which no military operations of any kind take place. In computer networks the term is a metaphor: the DMZ sits between the internet and the internal network and acts as the gateway through which people on the internet are allowed to reach the organization's published services, while the internal network itself stays out of their reach.
The hosts most likely to be targeted are those that provide information and services to external networks, for example the web servers and mail servers mentioned above. They must therefore be placed in a dedicated subnetwork so that the rest of the network is protected from intruders who can come and attack those servers at any time.
Hosts in the DMZ, in turn, have only limited access to specific hosts on the internal network. Communication between hosts inside the DMZ and outside networks is also limited, so that a DMZ host which is compromised is of as little use to the attacker as possible.
There are several ways to design a Demilitarized Zone. The two most common are to use a single firewall or to use two firewalls; from these, a more complex DMZ architecture can be developed to suit the network's requirements.
1. Single Firewall
In the single-firewall design, one firewall with three network interfaces is used to create the network: one interface faces the external network (the internet), one faces the internal network, and one faces the DMZ.
This firewall is the single point that must handle all traffic passing between the internet, the DMZ and the internal network, so both its rule set and its capacity are critical. The interfaces, or zones, are usually named by colour; the convention used by several firewall distributions is red for the external, untrusted network, green for the internal LAN, and orange for the DMZ.
2. Dual Firewall
As the name says, this design consists of two firewall layers. The first (front-end) firewall sits between the internet and the DMZ and lets through only traffic destined for the DMZ; the second (back-end) firewall sits between the DMZ and the internal network and lets through only the specific connections that the DMZ hosts need from inside. Using two devices is certainly safer than relying on one.
If the two firewalls come from different vendors, the layering is stronger still: a vulnerability or bypass in one product is unlikely to work against the other, so the network is less likely to be compromised.
Likewise, a configuration mistake is unlikely to be repeated in the same way on both devices, because the interfaces and settings differ between the two vendors. The disadvantage of using two firewalls is the higher cost: buying, managing and operating firewalls from two different vendors takes more money and more skills.
So what exactly are the functions of the DMZ or Demilitarized Zone? They are easiest to see when a proxy server is placed in the DMZ, which:
- lets internal users, such as employees, reach the internet through the proxy server rather than connecting directly;
- reduces the internet bandwidth required, because web content that is requested repeatedly can be cached on the proxy server;
- simplifies the logging and monitoring of user activity, and gives a single place to apply web content filtering.
How a DMZ Works
Which services are usually placed in a DMZ? Any service that is offered to users on the outside network can be placed there. The four most common are web servers, FTP servers, mail servers, and VoIP servers.
A web server often needs an internal database, so it must be allowed to reach the database server. The personal and sensitive information stored there, however, must never be reachable by outsiders directly. The web server can talk to the database server directly or, for security, through the firewall, which restricts the connection to the one database port from the web server's own address.
Users' e-mails, messages and the databases that hold them are generally confidential, so they are stored on a server that cannot be reached from the internet at all. They can still be reached through the mail server that is connected to the internet: the mail server in the DMZ relays messages between the internet and the internal mailbox server, and in this way mail is sent securely both internally and externally.
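As an added example (not code from the original page), the following Python models the single-firewall, three-zone policy described in the Single Firewall section and the limited access between zones described above: the internet may reach only the published services in the DMZ, a DMZ host may reach the internal network only through narrow pinholes (the web server to the database port, the mail relay to the internal mailbox server), DMZ hosts have restricted access outbound, and the internet can never reach the internal network. The addresses, host roles and port numbers (PostgreSQL on 5432, SMTP on 25) are assumptions chosen for illustration; the constructed sample flows at the end show what the policy accepts and drops.

```python
"""Zone-based, default-deny policy model for a three-legged (single-firewall) DMZ.

Illustrative example only: a first-match rule list evaluated over constructed
flows. All addresses, hosts and ports below are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing: one subnet per firewall interface (zone).
ZONES = {
    "internal": ip_network("10.10.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}

# Assumed hosts in those zones.
WEB_SERVER = "192.0.2.10"       # DMZ, published on 80/443
MAIL_RELAY = "192.0.2.25"       # DMZ, published on 25
DB_SERVER = "10.10.0.50"        # internal, must never be reachable from the internet
MAILBOX_STORE = "10.10.0.25"    # internal mailbox server, reachable only via the relay


def zone_of(addr: str) -> str:
    """Map an address to the firewall interface it arrives on or leaves by."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"  # anything not on a local interface is untrusted


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    action: str                          # "accept" or "drop"
    dports: frozenset = frozenset()      # empty means any port
    src_hosts: frozenset = frozenset()   # empty means any host in src_zone
    dst_hosts: frozenset = frozenset()   # empty means any host in dst_zone

    def matches(self, f: Flow) -> bool:
        return (zone_of(f.src) == self.src_zone
                and zone_of(f.dst) == self.dst_zone
                and (not self.dports or f.dport in self.dports)
                and (not self.src_hosts or f.src in self.src_hosts)
                and (not self.dst_hosts or f.dst in self.dst_hosts))


POLICY = [
    # Internet -> DMZ: only the published services, only on their ports.
    Rule("internet", "dmz", "accept", dports=frozenset({80, 443}),
         dst_hosts=frozenset({WEB_SERVER})),
    Rule("internet", "dmz", "accept", dports=frozenset({25}),
         dst_hosts=frozenset({MAIL_RELAY})),
    # DMZ -> internal: narrow pinholes, pinned to source host, destination and port.
    Rule("dmz", "internal", "accept", dports=frozenset({5432}),
         src_hosts=frozenset({WEB_SERVER}), dst_hosts=frozenset({DB_SERVER})),
    Rule("dmz", "internal", "accept", dports=frozenset({25}),
         src_hosts=frozenset({MAIL_RELAY}), dst_hosts=frozenset({MAILBOX_STORE})),
    # DMZ -> internet: only what the service needs (outbound mail from the relay).
    # A compromised web server therefore cannot reach out to the internet.
    Rule("dmz", "internet", "accept", dports=frozenset({25}),
         src_hosts=frozenset({MAIL_RELAY})),
    # Internal users may use DMZ services and browse the internet.
    Rule("internal", "dmz", "accept"),
    Rule("internal", "internet", "accept"),
    # No rule allows internet -> internal; such flows fall through to default deny.
]


def evaluate(flow: Flow, policy=POLICY) -> str:
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "drop"


# Constructed sample flows covering the cases discussed in the text.
SAMPLE_FLOWS = {
    "client_to_web": Flow("203.0.113.7", WEB_SERVER, 443),
    "client_to_db_direct": Flow("203.0.113.7", DB_SERVER, 5432),
    "web_to_db": Flow(WEB_SERVER, DB_SERVER, 5432),
    "web_to_mailbox": Flow(WEB_SERVER, MAILBOX_STORE, 25),
    "mailrelay_to_mailbox": Flow(MAIL_RELAY, MAILBOX_STORE, 25),
    "web_to_internet": Flow(WEB_SERVER, "198.51.100.9", 443),
    "internal_to_web": Flow("10.10.0.7", WEB_SERVER, 443),
}


def decisions(flows=SAMPLE_FLOWS) -> dict:
    """Evaluate every sample flow; returns {name: "accept" | "drop"}."""
    return {name: evaluate(f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:24s} {verdict}")
```

The point of the model is the shape of the rule set rather than the particular addresses: every rule that crosses from a less trusted zone into a more trusted one is pinned to a specific source host, destination host and port, and there is no rule at all from the internet into the internal zone, so the only way to the database or the mailbox store is through the DMZ host that legitimately needs it. The same structure translates directly into nftables or iptables chains per interface pair.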