
DMZ architecture

I am building a new LAN in my company and we need to include one or several DMZs.

Does anyone have a document explaining the purpose and methods for building a DMZ?

Thanks

  • Other Security Subjects
1 REPLY

Re: DMZ architecture

A DMZ can be regarded as a transit/neutral area to limit external users/traffic coming into a network. Access is typically terminated at servers/services hosted in this area. This is to prevent the internal network from being directly accessed by outsiders, as the internal network is viewed as the most secure place in your network and must be protected accordingly.

Typically, you need to do address translation when allowing traffic from the DMZ to come into or talk to your internal resources. But in certain cases/scenarios, you can probably skip this.

The existence of several DMZs in a network is meant to host different groups of services/servers/resources, i.e. DMZ1 to host common/general public web servers/portal, DMZ2 to host your VPN/remote access services, DMZ3 to host secure e-commerce servers/front-end servers, DMZ4 to host routers/links to extranet/partner networks and so on.

This design allows you to contain traffic to an individual DMZ, prevent/limit threat escalation, and have flexibility in network design.

There are many docs & guidelines for designing and creating a DMZ.

Ref:

http://www.cisco.com/en/US/products/ps6120/products_getting_started_guide_chapter09186a0080686104.html

http://www.bgpbook.com/introconceptsdmz.html

http://www.ssimail.com/Zoneguard.htm

http://support.microsoft.com/kb/191146

HTH

AK
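The multi-DMZ layout described in the reply above can be checked against a firewall permit list. This is an added example, not part of the original post or any Cisco tooling: the subnets, the rule tuples and the names `ZONES`, `zone_of` and `audit` are constructed for illustration, and treating cross-DMZ and any-port DMZ-to-inside rules as findings is an assumption about how strictly the zones should be contained.

```python
from ipaddress import ip_address, ip_network

# Constructed zone plan following the reply's DMZ1..DMZ4 split (addresses are made up).
ZONES = {
    "inside": ip_network("10.0.0.0/16"),
    "dmz1": ip_network("192.168.1.0/24"),  # public web servers / portal
    "dmz2": ip_network("192.168.2.0/24"),  # VPN / remote access
    "dmz3": ip_network("192.168.3.0/24"),  # e-commerce front ends
    "dmz4": ip_network("192.168.4.0/24"),  # extranet / partner routers
}

def zone_of(addr):
    """Map an address to its zone; anything unmatched counts as 'outside'."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

def audit(rules):
    """Return (rule, finding) pairs for permit rules that break the zoning intent."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        s, d = zone_of(src), zone_of(dst)
        if s == "outside" and d == "inside":
            findings.append((rule, "outside reaches inside directly, bypassing the DMZ"))
        elif s.startswith("dmz") and d.startswith("dmz") and s != d:
            findings.append((rule, f"{s} to {d}: traffic not contained to one DMZ"))
        elif s.startswith("dmz") and d == "inside" and port is None:
            findings.append((rule, f"{s} to inside on any port: limit to the needed service"))
    return findings

# Constructed permit rules: (source, destination, destination port or None for any).
SAMPLE_RULES = [
    ("203.0.113.10", "192.168.1.20", 443),  # internet -> web server in DMZ1
    ("192.168.1.20", "10.0.5.8", 1433),     # DMZ1 web -> internal DB, single port
    ("203.0.113.10", "10.0.5.8", 3389),     # internet -> inside
    ("192.168.1.20", "192.168.3.15", 22),   # DMZ1 -> DMZ3
    ("192.168.4.1", "10.0.5.9", None),      # DMZ4 -> inside, any port
]

if __name__ == "__main__":
    for rule, why in audit(SAMPLE_RULES):
        print(rule, "->", why)
```

The first two sample rules pass because they follow the pattern the reply describes: external access terminates in a DMZ, and only the DMZ host talks to a specific internal service.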
