3. DMZ
Portion of the network between the border router and the non-public computing services
4. Contd.
In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.
5. Perimeter Security Topologies
Any network that is connected (directly or indirectly) to your organization, but is not controlled by your organization, represents a risk.
Perimeter topologies include demilitarized zones (DMZs), extranets, and intranets
continued…
12. Network Address Translation (NAT)
Internet standard that enables a LAN to use one set of IP addresses for internal traffic and a second set for external traffic
Provides a type of firewall by hiding internal IP addresses
Enables a company to use more internal IP addresses
13. Creating and Developing Your Security Design
Control secrets - What knowledge would enable someone to circumvent your system?
Know your weaknesses and how they can be exploited
Limit the scope of access - create appropriate barriers in your system so that if intruders access one part of the system, they do not automatically have access to the rest of the system
Understand your environment - auditing tools can help you detect unusual events
Limit your trust: people, software and hardware
16. Services
Typically contains devices accessible to Internet traffic:
Web (HTTP) servers
FTP servers
SMTP (e-mail) servers
DNS servers
17. DMZ Design Goals
Filtering DMZ traffic would identify traffic coming in on the DMZ interface of the firewall or router that appears to have a source IP address on a network other than the DMZ network number (spoofed traffic)
The firewall or router should be configured to initiate a log message or rule alert to notify the administrator
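An added example, not from the original slides, of the check described above: each record is a constructed (ingress interface, source IP, destination IP) triple standing in for a firewall or router flow log entry; the DMZ subnet 192.0.2.0/24 (an RFC 5737 documentation range) and the interface name "dmz0" are assumptions.

```python
# Added example (not from the original slides): flag traffic that enters on the
# DMZ interface with a source address outside the DMZ network number, and build
# the log/alert line the firewall or router should emit for it.
import ipaddress

DMZ_NET = ipaddress.ip_network("192.0.2.0/24")   # assumed DMZ network number
DMZ_IFACE = "dmz0"                                # assumed DMZ interface name

# Constructed sample records: (ingress interface, source IP, destination IP)
SAMPLE_RECORDS = [
    ("dmz0", "192.0.2.10", "198.51.100.5"),   # legitimate reply from a DMZ web server
    ("dmz0", "10.0.0.7", "198.51.100.5"),     # internal address seen on the DMZ: spoofed
    ("dmz0", "203.0.113.9", "192.0.2.10"),    # public address arriving on the DMZ: spoofed
    ("wan0", "203.0.113.9", "192.0.2.10"),    # WAN ingress, not covered by this rule
]


def is_spoofed(iface, src, dmz_net=DMZ_NET, dmz_iface=DMZ_IFACE):
    """True when a packet entering on the DMZ interface carries a source
    address that is not on the DMZ network."""
    if iface != dmz_iface:
        return False
    return ipaddress.ip_address(src) not in dmz_net


def check_records(records, dmz_net=DMZ_NET, dmz_iface=DMZ_IFACE):
    """Return the alert lines to log for every spoofed record."""
    alerts = []
    for iface, src, dst in records:
        if is_spoofed(iface, src, dmz_net, dmz_iface):
            alerts.append(f"ALERT spoofed-source iface={iface} src={src} "
                          f"dst={dst} expected_net={dmz_net}")
    return alerts


if __name__ == "__main__":
    for line in check_records(SAMPLE_RECORDS):
        print(line)
```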
18. Tunneling
Enables a network to securely send its data through untrusted/shared network infrastructure
Encrypts and encapsulates a network protocol within packets carried by a second network
Is replacing WAN links because of its security and low cost
An option for most IP connectivity requirements