Introduction to DMZ host (router)

Source: Internet
Author: User

A DMZ provides different security levels for different resources: you can consider building a region called a "Demilitarized Zone" (DMZ). The DMZ can be understood as a special network area, distinct from both the Internet and the intranet. It usually holds public servers that contain no confidential information, such as Web, Mail, and FTP servers. In this way, visitors from the Internet can access services in the DMZ, but they cannot access company secrets or private information stored in the intranet. Even if a DMZ server is damaged, the confidential information in the intranet is not affected.

The IP address of the DMZ host is the IP address of a machine on your intranet, so that all Internet packets will point to that machine. If your machine does not provide websites or other network services, do not set a DMZ host. DMZ is not open to all ports on your computer.

DMZ is the abbreviation of "demilitarized zone". It is a buffer zone between a non-secure system and a secure system, created to solve the problem that the external network cannot access internal network servers after a firewall is installed. This buffer zone is a small network area located between the enterprise's internal network and the external network. Public server facilities such as enterprise Web servers, FTP servers, and forums can be placed in it. Such a DMZ also protects the internal network more effectively: compared with a general firewall solution, this deployment puts one more level in front of attackers.

When planning a network with a DMZ, we can clarify the access relationships between the networks and determine the following six access control policies.

1. The intranet can access the Internet. Intranet users need to access the Internet freely. In this policy, the firewall needs to translate the source address.
2. The intranet can access the DMZ. This policy lets intranet users use and manage the servers in the DMZ.
3. The Internet cannot access the intranet. The intranet stores internal company data, which must not be accessible to Internet users.
4. The Internet can access the DMZ. The servers in the DMZ exist to provide services to the outside world, so the DMZ must be reachable from the Internet. For access from the Internet to the DMZ, the firewall needs to translate the external address to the actual address of the server.
5. The DMZ cannot access the intranet. If this policy is violated, intruders who break into the DMZ can go on to attack important data in the intranet.
6. The DMZ cannot access the Internet. There are exceptions to this policy: for example, an email server placed in the DMZ needs to access the Internet, otherwise it will not work properly.

==============================

What is a "DMZ"? It is an area that cannot be directly accessed from the intranet or the Internet, mostly used to connect public servers such as WWW servers.

On a router, it is a special network setting that lets external users access the internal network. Assume that the router's management address is 192.168.1.1:

IE --- 192.168.1.1 --- log in --- set up the network (each computer can be assigned a specified IP) --- locate --- forwarding rule --- DMZ --- (search for the IP address of the DMZ host) --- enter the IP address of the host --- save --
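The six access control policies above, written as an nftables ruleset for a three-interface firewall. This is an added example, not part of the original page; the interface names (wan0, lan0, dmz0), the 192.168.2.0/24 DMZ range and the two server addresses are assumptions chosen for illustration.

```nftables
# Assumed layout: wan0 = Internet, lan0 = intranet, dmz0 = DMZ
define LAN_NET = 192.168.1.0/24
define DMZ_WEB = 192.168.2.10    # hypothetical Web server in the DMZ
define DMZ_MAIL = 192.168.2.20   # hypothetical mail server in the DMZ

table inet filter {
  chain forward {
    # Anything not explicitly allowed below is dropped. That default
    # enforces policy 3 (Internet -> intranet), policy 5 (DMZ -> intranet)
    # and policy 6 (DMZ -> Internet).
    type filter hook forward priority filter; policy drop;

    # Replies to connections that were allowed when they started. This is
    # what lets policy 2 and policy 5 coexist: a DMZ server can answer an
    # intranet client but can never open a connection towards it.
    ct state established,related accept
    ct state invalid drop

    # Policy 1: intranet -> Internet
    iifname "lan0" oifname "wan0" accept
    # Policy 2: intranet -> DMZ (use and manage the servers)
    iifname "lan0" oifname "dmz0" accept
    # Policy 4: Internet -> DMZ, published services only
    iifname "wan0" oifname "dmz0" ip daddr $DMZ_WEB tcp dport { 80, 443 } accept
    iifname "wan0" oifname "dmz0" ip daddr $DMZ_MAIL tcp dport 25 accept
    # Exception to policy 6: only the mail server may reach the Internet,
    # and only for SMTP delivery and DNS lookups
    iifname "dmz0" oifname "wan0" ip saddr $DMZ_MAIL tcp dport { 25, 53 } accept
    iifname "dmz0" oifname "wan0" ip saddr $DMZ_MAIL udp dport 53 accept
  }
}

table ip nat {
  chain prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    # Policy 4: translate the external address to the server's real address
    iifname "wan0" tcp dport { 80, 443 } dnat to $DMZ_WEB
    iifname "wan0" tcp dport 25 dnat to $DMZ_MAIL
  }
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    # Policy 1: source address translation for outbound traffic
    oifname "wan0" masquerade
  }
}
```

The router "DMZ host" setting described above differs from this layout: the DMZ host stays on the intranet subnet, so nothing equivalent to policy 5 stands between it and the other intranet machines.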
