I want to create a new DMZ from scratch and I don't know how. What are the basic steps for a DMZ setup?
Fortunately, a demilitarized zone (DMZ) deployment on a network is quite simple. A DMZ is a protected middle ground network where you can deploy servers that offer services to the public. Building one is a simple matter of using a firewall with three network interface cards, configured as shown in the diagram below:
Then, using the firewall, create rules that allow the minimum necessary traffic between zones, subject to the following conditions:
- Systems from the Internet may not connect directly to the intranet.
- Systems from the intranet may not connect directly to the Internet.
The second rule is sometimes omitted for simplicity of implementation. When you do choose to implement your network in this fashion, place a proxy server in the DMZ that users may access when they wish to request information from an Internet-based Web server (for example).
The use of a DMZ implementation to isolate publicly accessible systems is one of the longest-standing principles of information security. I encourage you to pursue this avenue as quickly as possible if you have not already done so. For more information on this topic, read Placing systems in a firewall topology.
- If one server in a DMZ network gets attacked from outside, will other servers be corrupted? Read more.
- Learn whether it's a good idea to place a domain controller within a DMZ.
Dig Deeper on DMZ Setup and Configuration
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.