DMZ
Level of defence in private network

Shaikh Fozia
Shahbaz Khan
Learning Objectives

   Definition
   Perimeter Security Topologies
   Architecture
   Security Firewalls
   DMZ host
   Services
   Goals
   Tunneling in network security
   Conclusion
DMZ

   Portion of the network between the border
    router and the non-public computing
    services
Contd.

   In computer networks, a DMZ
    (demilitarized zone) is a computer host or
    small network inserted as a "neutral zone"
    between a company's private network and
    the outside public network.
Perimeter Security Topologies

   Any network that is connected (directly or
    indirectly) to your organization, but is not
    controlled by your organization, represents a
    risk.
   Topologies include demilitarized zones (DMZs),
    extranets, and intranets
Trusted Networks
Semi-Trusted Networks
Untrusted Networks
Unknown Networks
Architecture




Single firewall
Dual firewall
Network Address Translation (NAT)

    Internet standard that enables a LAN to use
     one set of IP addresses for internal traffic
     and a second set for external traffic
    Provides a type of firewall by hiding
     internal IP addresses
    Enables a company to use more internal IP
     addresses.
Creating and Developing Your
           Security Design
   Control secrets - What knowledge would enable someone
    to circumvent your system?
   Know your weaknesses and how they can be exploited
   Limit the scope of access - create appropriate barriers in
    your system so that if intruders access one part of the
    system, they do not automatically have access to the rest
    of the system.
   Understand your environment - Auditing tools can help
    you detect those unusual events.
   Limit your trust: people, software and hardware
DMZ Security Firewalls

   Firewall functions
   Interaction of firewalls
    with data
DMZ host
Services

   Typically contains devices accessible to
    Internet traffic
       Web (HTTP) servers
       FTP servers
       SMTP (e-mail) servers
       DNS servers
DMZ Design Goals

   Filtering DMZ traffic would identify
       traffic coming in from the DMZ interface of
        the firewall or router that appears to have a
        source IP address on a network other than the
        DMZ network number (spoofed traffic).
   The firewall or router should be configured
    to initiate a log message or rule alert to
    notify the administrator
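
The spoofed-source check described above, as an added example that is not part of the original slides: it flags records that arrived on the DMZ interface with a source address outside the DMZ network and logs an alert for each. The interface name `dmz0`, the subnet `192.0.2.0/24` and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import logging
import re

# Assumed for this example: the DMZ subnet(s) and the firewall's DMZ-facing interface.
DMZ_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
DMZ_INTERFACE = "dmz0"

# Constructed sample records in key=value form.
SAMPLE_LOG = """\
IN=dmz0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=443
IN=dmz0 SRC=10.1.1.5 DST=198.51.100.7 PROTO=TCP DPT=25
IN=wan0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=80
IN=dmz0 SRC=not-an-ip DST=198.51.100.7 PROTO=UDP DPT=53
IN=dmz0 SRC=192.0.2.25 DST=10.1.1.5 PROTO=TCP DPT=3306
"""

FIELD = re.compile(r"(\w+)=(\S+)")
log = logging.getLogger("dmz-antispoof")


def parse_record(line):
    """Turn 'K=V K=V ...' into a dict of fields."""
    return dict(FIELD.findall(line))


def is_spoofed(record):
    """True when a packet entered on the DMZ interface with a non-DMZ source."""
    if record.get("IN") != DMZ_INTERFACE:
        return False  # the rule only covers traffic arriving from the DMZ
    try:
        src = ipaddress.ip_address(record.get("SRC", ""))
    except ValueError:
        return True  # unparseable source: fail closed and alert
    return not any(src in net for net in DMZ_NETWORKS)


def find_spoofed(log_text):
    """Return the records that should raise an alert, logging each one."""
    alerts = []
    for line in log_text.splitlines():
        record = parse_record(line)
        if record and is_spoofed(record):
            log.warning("spoofed source on %s: src=%s dst=%s",
                        record["IN"], record.get("SRC"), record.get("DST"))
            alerts.append(record)
    return alerts


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    find_spoofed(SAMPLE_LOG)
```

Legitimate DMZ hosts talking to internal addresses (the last sample record) are not flagged, because the check looks only at the source address seen on the DMZ interface, not at the destination.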
Tunneling




   Enables a network to securely send its data through untrusted/shared
    network infrastructure
   Encrypts and encapsulates a network protocol within packets carried
    by a second network
   Replacing WAN links because of security and low cost
   An option for most IP connectivity requirements
CONCLUSION
