I want to create a new DMZ from scratch and I don't know how. What are the basic steps for a DMZ setup?
Fortunately, a demilitarized zone (DMZ) deployment on a network is quite simple. A DMZ is a protected middle ground network where you can deploy servers that offer services to the public. Building one is a simple matter of using a firewall with three network interface cards, configured as shown in the diagram below:
Then, using the firewall, create rules that allow the minimum necessary traffic between zones, subject to the following conditions:
- Systems from the Internet may not connect directly to the intranet.
- Systems from the intranet may not connect directly to the Internet.
The second rule is sometimes omitted for simplicity of implementation. When you do choose to implement your network in this fashion, place a proxy server in the DMZ that users may access when they wish to request information from an Internet-based Web server (for example).
The use of a DMZ implementation to isolate publicly accessible systems is one of the longest-standing principles of information security. I encourage you to pursue this avenue as quickly as possible if you have not already done so. For more information on this topic, read Placing systems in a firewall topology.
- If one server in a DMZ network gets attacked from outside, will other servers be corrupted? Read more.
- Learn whether it's a good idea to place a domain controller within a DMZ.
Dig Deeper on DMZ Setup and Configuration
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.