Let's handle the placement first. The DMZ is placed in conjunction with
your firewall. If you have a dual-bastion type firewall, the DMZ is between
the bastion hosts that make up the firewall. If you have a single firewall
machine, the DMZ is on an interface of the firewall that is separate from
the rest of the network that it is protecting.

The main purpose of a DMZ is to provide a place for systems on your
network that need to have less protection than the rest of your systems.
Examples of such systems include those that must be able to be seen
by the rest of the Internet, such as Web and e-mail servers. The DMZ
segment of your network must use public IP addressing, whereas the
rest of your network can use private IP addresses using Network Address
Translation in the firewall to allow communications.

The SANS Institute has a paper entitled "Designing a DMZ" that provides much more information on this topic.
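
The single-firewall layout described above, written as an nftables ruleset. This is an added example, not part of the original answer; the choice of nftables, the interface names, the addresses (documentation ranges) and the published services are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example of a three-interface ("three-legged") firewall.
# Every name and address below is an assumption, not taken from the answer.
flush ruleset

define wan_if   = "eth0"            # Internet-facing interface
define dmz_if   = "eth1"            # DMZ segment, public addressing
define lan_if   = "eth2"            # internal network, private addressing
define web_srv  = 203.0.113.10      # DMZ Web server (documentation range)
define mail_srv = 203.0.113.25      # DMZ e-mail server (documentation range)
define lan_net  = 192.168.10.0/24   # internal private range

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself: replies and loopback only
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the services that must be publicly visible
        iifname $wan_if oifname $dmz_if ip daddr $web_srv tcp dport { 80, 443 } accept
        iifname $wan_if oifname $dmz_if ip daddr $mail_srv tcp dport 25 accept

        # Internal -> DMZ and internal -> Internet: new connections allowed
        iifname $lan_if oifname { $dmz_if, $wan_if } accept

        # DMZ -> Internet: outbound mail relay and DNS lookups
        iifname $dmz_if oifname $wan_if ip saddr $mail_srv tcp dport 25 accept
        iifname $dmz_if oifname $wan_if udp dport 53 accept
        iifname $dmz_if oifname $wan_if tcp dport 53 accept

        # DMZ -> internal: no new connections; log before the drop
        iifname $dmz_if oifname $lan_if log prefix "dmz-to-lan drop: " drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Translate only the private internal range; DMZ hosts keep public IPs
        oifname $wan_if ip saddr $lan_net masquerade
    }
}
```

The ruleset can be syntax-checked without loading it by running `nft -c -f` on the file. The logged drop on the DMZ-to-internal path is the rule that should fire if a DMZ host starts reaching inward.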