Firewalls protect both the interface between the internal network and the DMZ and the DMZ and the Internet. Typically an organisation's public web servers, public email servers, web proxy servers etc. would be located in the DMZ. This enhances security in two ways. Firstly if unauthorised access to one of the servers in the DMZ is gained, this does not give access to the corporate network. Secondly, by directing all Internet traffic through proxy servers in the DMZ it is possible to prevent direct access to the Internet from the organisation's internal network. This allows tight control of both inbound and outbound traffic, allowing implementation of policies to prevent the download of software, images etc. into the organisation, and to prevent the upload of certain types of file for security reasons.
Search Encyclopedia
|
Featured Article
|