I want to create a new DMZ from scratch and I don't know how. What are the basic steps for a DMZ setup?
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Fortunately, a demilitarized zone (DMZ) deployment on a network is quite simple. A DMZ is a protected middle ground network where you can deploy servers that offer services to the public. Building one is a simple matter of using a firewall with three network interface cards, configured as shown in the diagram below:
Then, using the firewall, create rules that allow the minimum necessary traffic between zones, subject to the following conditions:
- Systems from the Internet may not connect directly to the intranet.
- Systems from the intranet may not connect directly to the Internet.
The second rule is sometimes omitted for simplicity of implementation. When you do choose to implement your network in this fashion, place a proxy server in the DMZ that users may access when they wish to request information from an Internet-based Web server (for example).
The use of a DMZ implementation to isolate publicly accessible systems is one of the longest-standing principles of information security. I encourage you to pursue this avenue as quickly as possible if you have not already done so. For more information on this topic, read Placing systems in a firewall topology.
- If one server in a DMZ network gets attacked from outside, will other servers be corrupted? Read more.
- Learn whether it's a good idea to place a domain controller within a DMZ.
Dig Deeper on DMZ Setup and Configuration
Related Q&A from Mike Chapple
A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach ...continue reading
The proposed CFTC regulations on cybersecurity testing are set to finalize in 2016. Expert Mike Chapple discusses the effects these regulations have ...continue reading
Whether Apple is a HIPAA covered entity was called into question when it advertised for a health regulations lawyer. Expert Mike Chapple discusses ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.