In our article, we will examine in detail the concept of DMZ. Let's try to give answers to questions about what DMZ is, how it appeared, and how to configure DMZ. Everyone will be able to get at least general information on this topic.
Reasons for the emergence of demilitarized zones
Now less and less you can meet any company without computers. And where there are computers, there is also an internal local area network that unites them together.
Having a shared internal LAN in itself is very practical and secure. But with the advent of the World Wide Web, things got a little more complicated. Now the vast majority of companies use the services of the World Wide Web. This greatly facilitates the workflow, since everyone can find any information that interests him in a matter of seconds.
But with the development of the Internet, there was a threat of penetration from the outside of the company’s common local network. First of all, this concerned companies with public Internet services available to any user of the World Wide Web. The danger was that the attacker, gaining access to the web service, could also gain access to personal information stored on any of the computers connected to the internal LAN. This caused a number of difficulties that are solved by creating a DMZ.
Primary source
The first thing you should know about the DMZ is that it is, first and foremost, a military term, originating from the designation “demilitarized zone”. It means a certain area of territory located between two opposing states. It prohibited any form of military activity - be it a special operation, sabotage or espionage.
DMZ demilitarized zone: architecture and implementation
From the interpretation of the original term, it becomes clear to us that DMZ is a certain area of the terrain where any kind of malicious activity is prohibited. And this extremely successfully characterizes the whole essence of this, let’s say, trick.
We should understand about the concept of DMZ itself, that this is an extremely simple solution, which is the creation of a separate segment of a computer network, isolated from all external Internet hosting and from the internal network of the company. It is also a restriction of control or a complete prohibition of access to the Internet, as well as to the internal network.
Creating a separate network segment is quite easy. For this, firewalls or firewalls are used. The word “firewall” itself can be known to the average user from films about famous hackers, but few people know what it is.
A firewall is a hardware-software unit of a computer network that divides it into sectors and allows you to filter incoming network traffic according to the rules specified by the operator (administrator). Also, in the event of unauthorized penetration, an attacker gains access only to those files that are within a separate sector, without prejudice to the rest.
There are at least two types of configuration of demilitarized zones - with one firewall or with many. In the first configuration, the firewall divides the network into three sectors:
- internal network;
- DMZ
- internet channel.
But still, this method provides an insufficient level of protection. In most large firms, the second method is still used - with a large number of firewalls. In this case, the attacker will have to overcome at least one additional system perimeter with its own traffic filter, which significantly increases security.
Customization
We are sure that many people have already sufficiently learned about the DMZ that this is a simple and effective way to ensure the security of your computer network. Users of multi-channel Internet routers themselves can appreciate this ingenious trick for hackers.
All that is required to configure DMZ is to output one device as a local network, connecting it, respectively, through a separate cord to a free slot on the router, then assign it a static IP address, then activate it in the DMZ window and restart the device.
Before all manipulations, make sure that all devices have the latest protection versions installed. After that, you can freely use this, albeit simple, but effective protection against encroachment on your personal data.
This article summarized all the most important facts about the DMZ: what it is, how it works, and, most importantly, its purpose.