DMZ
Level of defence in private network

Shaikh Fozia
Shahbaz khan
Learning Objectives

   Definition
   Perimeter Security Topologies
   Architecture
   Security Firewalls
   DMZ host
   Services
   Goals
   Tunneling in network security
   Conclusion
DMZ

   Portion of the network between the border
    router and the non-public computing
    services
Contd.

   In computer networks, a DMZ
    (demilitarized zone) is a computer host or
    small network inserted as a "neutral zone"
    between a company's private network and
    the outside public network.
Perimeter Security Topologies

   Any network that is connected (directly or
    indirectly) to your organization, but is not
    controlled by your organization, represents a
    risk.
   Include demilitarized zones (DMZs), extranets,
    and intranets




                                                continued…
Trusted Networks
Semi-Trusted Networks
Untrusted Networks
Unknown Networks
Architecture




Single firewall
Dual firewall
Network Address Translation (NAT)

    Internet standard that enables a LAN to use
     one set of IP addresses for internal traffic
     and a second set for external traffic
    Provides a type of firewall by hiding
     internal IP addresses
    Enables a company to use more internal IP
     addresses.
Creating and Developing Your Security Design
   Control secrets - What knowledge would enable someone
    to circumvent your system?
   Know your weaknesses and how they can be exploited
   Limit the scope of access - create appropriate barriers in
    your system so that if intruders access one part of the
    system, they do not automatically have access to the rest
    of the system.
   Understand your environment - Auditing tools can help
    you detect those unusual events.
   Limit your trust: people, software and hardware
DMZ Security Firewalls

   Firewall functions
   Interaction of firewalls
    with data
DMZ host
Services

   Typically contains devices accessible to
    Internet traffic
       Web (HTTP) servers
       FTP servers
       SMTP (e-mail) servers
       DNS servers
DMZ Design Goals

   Filtering DMZ traffic would identify
       traffic coming in from the DMZ interface of
        the firewall or router that appears to have a
        source IP address on a network other than the
        DMZ network number (spoofed traffic).
   The firewall or router should be configured
    to initiate a log message or rule alert to
    notify the administrator.
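
The filtering goal above, as an added example that is not part of the original slides: a Python check that reads firewall log records and raises an alert for any packet arriving on the DMZ interface whose source address is not a valid host on the DMZ network. The key=value log format, the interface names dmz0 and wan0, and the 192.0.2.0/24 DMZ network are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed for this example (not from the slides): DMZ network and interface name.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
DMZ_IFACE = "dmz0"

# Constructed sample records in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z IN=dmz0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=443
2024-05-01T10:00:02Z IN=dmz0 SRC=10.1.1.5 DST=198.51.100.7 PROTO=TCP DPT=80
2024-05-01T10:00:03Z IN=wan0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=25
2024-05-01T10:00:04Z IN=dmz0 SRC=not-an-ip DST=198.51.100.7 PROTO=UDP DPT=53
2024-05-01T10:00:05Z IN=dmz0 SRC=192.0.2.255 DST=10.1.1.5 PROTO=UDP DPT=53
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one record into its timestamp and key=value fields."""
    ts, _, rest = line.strip().partition(" ")
    fields = dict(FIELD_RE.findall(rest))
    fields["TS"] = ts
    return fields


def classify(fields, dmz_net=DMZ_NET, dmz_iface=DMZ_IFACE):
    """Return a reason string if the record violates the DMZ source rule, else None."""
    if fields.get("IN") != dmz_iface:
        return None  # this rule only covers traffic entering on the DMZ interface
    try:
        src = ipaddress.ip_address(fields.get("SRC", ""))
    except ValueError:
        return "unparseable source address"
    if src not in dmz_net:
        return "source outside DMZ network (spoofed)"
    if src in (dmz_net.network_address, dmz_net.broadcast_address):
        return "source is the network or broadcast address"
    return None


def spoof_alerts(log_text):
    """Return (timestamp, source, reason) for every record that should alert."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = parse_line(line)
        reason = classify(fields)
        if reason:
            alerts.append((fields["TS"], fields.get("SRC"), reason))
    return alerts


if __name__ == "__main__":
    for ts, src, reason in spoof_alerts(SAMPLE_LOG):
        print(f"ALERT {ts} src={src}: {reason}")
```

The record that entered on wan0 is ignored because the rule is scoped to the DMZ interface; a separate ingress rule would cover the outside interface.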
Tunneling




   Enables a network to securely send its data through untrusted/shared
    network infrastructure
   Encrypts and encapsulates a network protocol within packets carried
    by a second network
   Replacing WAN links because of security and low cost
   An option for most IP connectivity requirements
CONCLUSION
