DMZ'nin Amacı Nedir?
Açıklaması şöyle. Yani sunucularımıza nasıl olsa saldırı olacak ancak tüm kurumdaki bilgisayarları da aynı tehlikeli bölgeye koymaya da gerek yok.
The reason to have a DMZ -- the purpose to all this isolation -- is to keep the public, internet facing services in a place that their compromise doesn't expose your entire enterprise. The DMZ is where you put the "dirty" systems -- the things people are going to attack. They're kept in their own network with their own set of extremely restrictive access rules where they can be monitored diligently.
DMZ'de bulunan bir web sunucu, iç ağda bulunan veri tabanına erişebilir. Böylece veri tabanı internete açılabilir.
Genellikle iki çeşit DMZ konfigürasyonu var
1. Tek firewall kullanan DMZ
2. Çift firewall kullanan DMZ
Tek Firewall Kullanan DMZ
Açıklaması şöyle
The firewall has three interfaces each attached to a network. Hosts in the DMZ would need to traverse the firewall to reach systems in the private network,... . The private network can access the Internet and the DMZ to use its services or manage the servers.
Çift Firewall Kullanan DMZ
Açıklaması şöyle
Other DMZ designs use two serial firewalls, with the DMZ in between. This setup is more complicated but adds another layer of security. In the first design, if the firewall is compromised due to a vulnerability or is somehow misconfigured the private network might be exposed to attacks. With two firewalls between the external and the private network now two devices would need to be compromised to get access. We can add even more security employing two different firewall vendors so an exploit found in one is unlikely to be present in the other, although this also adds more complexity.
Açıklaması şöyle
Having one firewall for internal LANs, and one for DMZ(s) does provide greater isolation between the two. The DMZ(s) can be completely, physically, isolated from the rest of the enterprise. Rarely is that level of security and isolation required. (military, banks, etc.)
Hiç yorum yok:
Yorum Gönder