Demilitarized Zone (DMZ)
Demilitarized Zones (DMZ)

Demilitarized zones, or DMZs for short, are a common construct in cybersecurity. A DMZ separates an organization’s internal network from the internet and is found on many corporate networks. It is typically created within a company’s network to isolate internal systems from external threats. While the name might sound negative, a DMZ is a helpful tool for network security.

The DMZ is a network segment that sits between the trusted private network and the untrusted public network. It acts as a protective layer through which outside users cannot reach the company’s internal data. The DMZ receives requests from outside users on the public network for the company’s public-facing information, such as its website, and serves those requests on the public side; a host in the DMZ cannot initiate a session into the private network. If an attacker performs malicious activity against a DMZ system, the public web pages may be corrupted, but the internal information remains safe.

Benefits of Using a DMZ

The main benefit of a DMZ is to provide an internal network with an advanced security layer by restricting access to sensitive data and servers. A DMZ enables website visitors to obtain certain services while providing a buffer between them and the organization’s private network.

1) Enabling access control:
Businesses can provide users with access to services outside their network perimeter through the public internet. The DMZ enables access to these services while implementing network segmentation, which makes it more difficult for an unauthorized user to reach the private network. A DMZ may also include a proxy server, which centralizes internal traffic flow and simplifies the monitoring and recording of that traffic.

2) Preventing network reconnaissance:
By providing a buffer between the internet and a private network, a DMZ hinders the reconnaissance work attackers carry out when searching for potential targets. Servers within the DMZ are exposed publicly but are given another layer of security by a firewall that prevents an attacker from seeing inside the internal network. Even if a DMZ system is compromised, the internal firewall separates the private network from the DMZ, keeping it secure and making external reconnaissance difficult.

3) Blocking Internet Protocol (IP) spoofing: Attackers attempt to gain access to systems by spoofing an IP address and impersonating an approved device signed in to the network. A DMZ can detect and stall such spoofing attempts because another service verifies the legitimacy of the IP address. The DMZ also provides network segmentation, creating a space where traffic can be organized and public services accessed away from the internal private network.

How a DMZ Works

Internet-facing devices take the brunt of most attacks and are thus the most susceptible. Public servers must be reachable by individuals outside the organization, so companies that operate them are often more vulnerable to cyberattacks. To reduce this risk, a business could pay a hosting firm to host its website or external servers behind a firewall; however, this would severely affect performance. The public servers are instead placed on a separate, isolated network segment.

A DMZ network acts as a shield between an organization’s private network and the internet. Security gateways, including firewalls, filter traffic between the DMZ and the LAN in order to isolate the DMZ from the LAN.

Another security gateway, which monitors traffic from external networks, protects the default DMZ server. Ideally, a DMZ is situated between two firewalls.

1. Single firewall

A DMZ with a single-firewall configuration requires a firewall with three or more network interfaces. The first interface is linked to the external network through an internet service provider (ISP). The second interface serves the internal private network, while the third is connected to the DMZ. Acting as the network barrier, the firewall must be able to control all DMZ and internal network traffic.

This architecture is made up of three major components.

a) Firewall: All external traffic must pass through the firewall first.

b) DMZ switch: A device that directs traffic to the public server in the DMZ. Traffic for an internal server is passed on under the firewall’s internal control.

c) Servers: Both a public server (in the DMZ) and a private server (on the internal network) must be present.

2. Dual firewall

Creating a DMZ with dual firewalls provides more security. The first firewall, also referred to as the frontend firewall, is meant to accept only DMZ-bound traffic. The second firewall, sometimes termed the backend firewall, is exclusively responsible for DMZ-to-internal network traffic.

Firewalls from different suppliers are used to increase security, since they are less likely to share the same security vulnerabilities. Implementing this method over a broad network is more effective but also more costly.

Organizations can also further work on perfecting security protocols for distinct network segments. 
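The following nftables ruleset is an added example (not from the original article) of the single-firewall, three-interface design described above; the interface names eth0 (ISP), eth1 (DMZ) and eth2 (internal LAN) and the addresses 192.0.2.10 (DMZ web server) and 10.0.0.20 (internal database) are assumed values chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Assumed interfaces: eth0 = internet (ISP), eth1 = DMZ, eth2 = internal LAN.
# Constructed addresses: 192.0.2.10 = web server in the DMZ, 10.0.0.20 = database on the LAN.
flush ruleset

table inet dmz_fw {
    chain forward {
        # Default deny between all three legs; every allowed flow is listed explicitly below.
        type filter hook forward priority 0; policy drop;

        # Return packets of sessions that were already permitted (stateful inspection).
        # This is what lets the DMZ answer requests without being able to start sessions inward.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published web service, nothing else.
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 80, 443 } ct state new accept

        # LAN -> DMZ: internal users and administrators may reach DMZ hosts.
        iifname "eth2" oifname "eth1" ct state new accept

        # DMZ -> LAN: only the web server, only to the database port (the one exception
        # to "a DMZ host cannot initiate a session on the private network").
        iifname "eth1" oifname "eth2" ip saddr 192.0.2.10 ip daddr 10.0.0.20 tcp dport 5432 ct state new accept

        # LAN -> Internet: ordinary outbound traffic.
        iifname "eth2" oifname "eth0" ct state new accept

        # No rule exists for Internet -> LAN or for DMZ -> Internet, so those flows are dropped.
        # Log and count what is dropped so that a compromised DMZ host probing inward is visible.
        counter log prefix "dmz-fw drop: "
    }
}
```

In the dual-firewall design the Internet-to-DMZ rule belongs on the frontend firewall and the DMZ-to-LAN rule on the backend firewall, with each firewall keeping its own default-deny policy.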

Applications of a DMZ

Some instances of DMZ networks may be found in:
  • Cloud services: Cloud computing services may employ hybrid security by implementing a DMZ between the virtual or cloud network and an enterprise’s on-premise network infrastructure. Organizations often use this strategy when part of their applications are run in-house, and part of them are on the virtual network. Additionally, a DMZ is used to audit outgoing traffic or control granular traffic between virtual networks and on-premises data centers. 
  • Home networks: Home networks with LAN configurations and broadband routers can also benefit from a DMZ. Numerous residential routers provide DMZ options or DMZ host configurations. These settings allow users to expose only one device to the internet. Computers on home networks are assigned to run outside firewalls as a component of the DMZ host functionality. All of the other network devices remain inside the firewall. 
  • Industrial control systems (ICS): The term industrial control system (ICS) refers to a broad category of control systems that encompasses distributed control systems (DCS), supervisory control and data acquisition (SCADA), programmable logic controllers (PLC), and other control system configurations. Industrial equipment is increasingly integrated with IT, resulting in smarter and more efficient manufacturing environments. This, however, leads to a larger attack surface, which is why a DMZ is necessary.

Examples of Servers Placed in a DMZ

1. Web servers
Web servers that communicate with internal database servers can be deployed in a DMZ. This makes the internal databases more secure, as they are the repositories that store sensitive information. Web servers can connect to the internal database server directly or through application firewalls, while the DMZ continues to provide protection.

2. FTP servers
FTP, which stands for file transfer protocol, is a method of transferring data to any computer connected to the internet anywhere in the world. It is a standard network protocol used to transfer files between a client and a server on a computer network. An FTP server can host important content for a company’s website and allow direct interaction with files. As a result, it should always be isolated from crucial internal systems.


3. Email servers
A mail server, also known as a mail transfer agent, is a program that accepts incoming emails from local users and remote senders and transmits outgoing messages for delivery. It is common practice to store individual emails and the user database that holds login credentials on servers that cannot directly access the internet. As a result, an email server is deployed within the DMZ to communicate with and access the email database while avoiding direct exposure to potentially dangerous traffic.


4. DNS servers
A DNS server stores a database of public IP addresses and their associated hostnames, and resolves those names to IP addresses on request. DNS servers use specialized software and communicate with one another using dedicated protocols. Placing a DNS server within the DMZ prevents external DNS requests from reaching the internal network. Installing a second DNS server on the internal network can serve as additional security.


5. Proxy servers
A proxy server is often paired with a firewall. Other computers use it to view web pages: when a computer requests a web page, the proxy server retrieves it and delivers it to the requesting machine. Proxy servers establish connections on behalf of clients, shielding them from direct communication with the remote server. They also isolate internal networks from external networks and save bandwidth by caching web content.


6. VoIP servers
Although voice over internet protocol (VoIP) servers may connect with both the internal network and the internet, their access to the internal network is restricted, and firewalls are configured to inspect all traffic entering the internal LAN.

Importance of DMZ
By:

Kajal Chaudhari(E-29 & A-12) 

Student of Btech Computer Science & Engineering

Subject: Information Security

Under Guidance of Mr. Nursing Kadam.