|
Papers > Technology > usage of DMZ
Featured Papers from Direct Essays |
|||
1. The MisUsage of the Word
|
|||
This is a preview of a paper to view the full text you need to signup and login.
usage of DMZ |
|||
|
... 4 DMZ 3-11 2.5 The security and scalability of the DMZ 3-12 2. ... 1 Three network segments (Untrusted Network, DMZ and Protected Network) 3-22 1. ... 4 DMZ ``DMZ is an abbreviation for ``demilitarized zone. ... A DMZ can be created by putting access control lists on your access router. ... Many commercial firewalls simply make a third interface off of the bastion host and label it the DMZ. ... 5 The security and scalability of the DMZ A common approach for an attacker is to break into a host thats vulnerable to attack, and exploit trust relationships between the vulnerable host and more interesting targets. If you are running a number of services that have different levels of security, you might want to consider breaking your DMZ into several ``security zones. This can be done by having a number of different networks within the DMZ. For example, the access router could feed two ethernets, both protected by ACLs, and therefore in the DMZ. ... ) By putting hosts with similar levels of risk on networks together in the DMZ, you can help minimize the effect of a breakin at your site. ... Could it be exploited to get at my internal network, or to change things on hosts in my DMZ? ... 1 Overall Design and implementation Figure 4: Overall Design The model in figure 4 consist the following security components: ¡P Three network segments (Untrusted Network, DMZ and Protected Network) ¡P Router A, B (Network layer firewalls) ¡P PC1, PC2 (Application proxy servers) ¡P Centralize Logging mechanisms 1. ... 1 Three network segments (Untrusted Network, DMZ and Protected Network) This firewall design model consists of three network segments: Untrusted Network, DMZ and Protected Network. ... ¡P DMZ is sit between Untrusted Network and Protected Netowork. ... Some policy controls and screening mechanisms applied onto it to protect the servers, segment and the protected network (that behind the DMZ). ... It only allow Telnet service (Port 23), FTP service (Port 21), WWW service (Port 80), SMTP service (Port 25) pass though from Untrusted Network to DMZ . Also allow WWW (Port 80) pass though from DMZ to Untrusted Network for Internal LAN suffering internet. ... Hosts inside the Protected Network can access Untrusted Network for only WWW service and FTP service, then NAT (one to many) is set for Protected Network pass though the Router B and only WWW service, FTP service are allow from Protected Network to DMZ, then Untrusted Network via NAT. Besides Syslog service (Port 514) can pass though the Router B from DMZ to Protected Network Figure 5: WWW, FTP, Syslog service in DMZ and Protected Network 1. ... Figure 6: Telnet Server (Proxy) ¡P PC2 ¡V SMTP Gateway, is an application that mediates SMTP service (port 25) between Protected network, DMZ and the Untrusted Network. ... 1 WWW service Client at the Untrusted Network can access the WWW server inside the DMZ. Router A has a policy that allow WWW traffic form Untrusted Network to DMZ. ... Router B have a policy that not allow WWW service pass though it from DMZ to Protected Network, so no WWW client that can pass though from Untrusted Network to Protected. ... Router B has a policy that allows WWW service pass though it from Protected Network to DMZ. Also, Router B has enabled NAT function, so the WWW traffice go thought Router B from Protected Network to DMZ, it will translaete the source that is private IP to a true public IP. ... There is a rule for allow WWW service go thought Router A from DMZ to Untrusted Network for only source IP is the IP at the Router B DMZ interface. ... Figure 5: WWW, FTP, Syslog service in DMZ and Protected Network 2. ... (show as Figure 5) Client at the Untrusted Network can access the FTP server inside the DMZ. Router A has a policy that allow FTP traffic form Untrusted Network to DMZ. ... Router B have a policy that not allow FTP service pass though it from DMZ to Protected Network, so no FTP client that can pass though from Untrusted Network to Protected. ... Router B have a policy that allow FTP service pass though it from Protected Network to DMZ. Also, Router B has enabled NAT function, so the FTP traffice go thought Router B from Protected Network to DMZ, it will be translates the source that is private IP to a true public IP . ... There is a rule for allow FTP service go thought Router A from DMZ to Untrusted Network for only source IP is the IP at the Router B DMZ interface. ... It can telnet to the Telnet Proxy Server that at DMZ. ... Router A has a policy that allow telnet server pass though from Untrusted Network to DMZ. ... 4 SMTP Gateway Mail messages from Untrusted Network can reach the SMTP Gateway in DMZ, then SMTP Server. ... Router B has a policy that not allows SMTP service pass though from Protected Network to DMZ. Router A also has a policy that allows SMTP service pass though from DMZ to Untrusted Network. ... Router B has a policy that allow syslog service pass though from DMZ to Protected Network. ... Figure 5: WWW, FTP, Syslog service in DMZ and Protected Network 3. |
|||
To link to this page, copy the following code to your site:
Paper Information |
|||||
Title: usage of DMZ
|
|||||
Signup & Login |
|||||
If you don't currently have a login then Signup here |
|||||
| Pre-Written Papers | |||||
|
|||||
| Custom Papers | |||||
|
|||||
Copyright 2003-2008 doingmyhomework.com. All rights reserved.