DMZ (CISSP Free by Skillset.com)

Captions
Welcome to our DMZ module. The DMZ, or demilitarized zone, is a segment of your network that is placed between the protected internal network and the unprotected or non-trusted external network, such as the internet. You can use this area to create a semi-secure buffer zone between that trusted internal network and your untrusted external network. Here you can place resources that you want individuals outside of your network to be able to access from the internet. The resources in this zone will most likely be attacked frequently, so you want to use bastion hosts, which are hardened systems. You should use a proxy server or stateful firewall to protect the trusted network from DMZ traffic, and you should use a packet filter firewall with exceptions at the network perimeter between the DMZ and the internet.

The DMZ is a common place for honeypots and honeynets, which are decoy systems and networks that you place in order to attract attackers. By placing these systems, which actually have no valuable information on them, you are distracting attackers from attacking your actual network or actual systems, because when they locate the honeypot computer or honeynet they believe they have found a valuable target and they attempt to attack that target. When they attack the honeypot you can also determine how they attack and look at the strategies they use in order to protect your internal network computers.

Here we have a depiction of what the DMZ might look like. To the left we have our trusted intranet, or internal network, which we want to protect from all external traffic and threats. We have a firewall between the trusted intranet and our DMZ. In the DMZ we have an SMTP server used for mail relay, and we have a web server which is hosting our website for external individuals to view. We also place an external DNS server in the DMZ to respond to requests from outside of our network. We then have an additional firewall between the DMZ and the unsecure internet.

Setting up a DMZ allows you to create a screened subnet to provide resources to the public. A screened subnet is a semi-trusted network between your trusted private network and the untrusted internet. You are creating a DMZ by implementing two screening routers on either side of the DMZ, and you can also include a proxy server as one of the firewalls. You can see in the graphic at the bottom we have our trusted private network to the left, a router firewall protecting that trusted private network from external traffic, in our DMZ we have an information server, an application gateway and an email server, and then we have another router firewall protecting the DMZ from the internet.

Here we have an example network for a corporate environment. On the left we have our local area network. This is our private network, which is a trusted zone where we have internally used web servers for our intranet, we have our internal DNS servers and our Active Directory servers, and we use Ethernet switches to connect all of these devices. In this zone we also have our client computers, which are hardened for security, and we use the physical or MAC address to communicate within this local area network. We then have our DMZ, which is our semi-trusted network with extranet access. We have a strong firewall in place separating the DMZ from our local area network; that firewall could be a UTM, or unified threat management device, or a proxy server. In the DMZ we can have honeypots or honeynets, a mail server, FTP server and a web server, and all of these servers could be virtualized so that they all operate on one physical machine. We then have a weaker firewall that is used to protect our DMZ from the wide area network, or the insecure internet, and that location is known as our network perimeter. This network perimeter is typically where we have our internet service provider providing us connectivity to the internet. From the internet we can have users accessing our web server, our e-commerce server purchasing items, FTP server downloading files or email servers sending and receiving email messages, and we can even have remote office LANs or remote users who are able to remotely connect using virtual private network technology to connect to our internal resources on our private network.

Network address translation, or NAT, or port address translation, or PAT, allows many users to share a single public IP address. Since IP version 4 IP addresses are scarce, this prevents IP version 4 from going extinct. With network address translation, a NAT device, typically a router, has one or more IP addresses assigned and it uses this to send and receive packets. Individual user sessions on our internal network are tracked by appending ephemeral port numbers; ephemeral just means temporary, as these port numbers are not used for a significant amount of time. Network address translation provides us with some security for our internal network because individuals outside the network are not able to understand the structure of our internal network, because all of the traffic entering and leaving our network comes in and out on one IP address, so individuals outside of our organization are not sure of the number of computers in our organization and they are also not sure of our internal IP addressing scheme. Here we can see on the left that we have several devices inside our network using IP addresses that begin with the octet 10, which are private IP addresses that are not publicly accessible on the internet. We then have one device which is assigned an internet or public IP address of 134.13.5, which allows us to connect to the internet. That device is responsible for keeping track of all of the traffic from the internal network and forwarding it to the internet on a single IP address, and then receiving traffic on that IP address and forwarding it back to the device that originally requested that communication. This concludes our DMZ module. Thank you for watching.
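The following is an added toy model of the two-firewall screened subnet the transcript describes (illustration only, not code from Skillset or the video): a perimeter packet filter that admits Internet traffic only to the published DMZ services, a stateful inner boundary that lets the trusted network initiate sessions and accept replies but never lets the DMZ or the Internet initiate into it. The addresses, the DMZ range and the set of published services are assumptions chosen for the example.

```python
"""Toy policy model of a screened subnet (DMZ between two firewalls).
Constructed example: zone ranges, hosts and published ports are assumptions."""
import ipaddress

ZONES = {  # 10.0.0.0/8 is the private LAN the video shows; the DMZ range is assumed
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.168.100.0/24"),
}
# Services the DMZ publishes to the Internet: the "exceptions" in the perimeter packet filter.
# (mail relay on 25, web server on 80, external DNS on 53; hosts are constructed)
PUBLISHED = {("192.168.100.10", 25), ("192.168.100.20", 80), ("192.168.100.30", 53)}


def zone_of(ip):
    """Classify an address as internal, dmz, or internet (anything not in ZONES)."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


class ScreenedSubnet:
    def __init__(self):
        # Sessions opened in the permitted direction, keyed by (src, sport, dst, dport).
        # The inner firewall is stateful: replies to these are allowed, nothing else is.
        self.sessions = set()

    def allow(self, src, sport, dst, dport):
        """Return True if the two-firewall design lets this packet through."""
        s, d = zone_of(src), zone_of(dst)
        # Stateful rule: a reply to a session we already permitted is always accepted
        if (dst, dport, src, sport) in self.sessions:
            return True
        if s == "internet" and d == "dmz":
            verdict = (dst, dport) in PUBLISHED   # perimeter filter: published services only
        elif s == "internal" and d in ("dmz", "internet"):
            verdict = True                        # trusted side may initiate outward
        elif s == "dmz" and d == "internet":
            verdict = dport in (25, 53)           # relay mail / resolve DNS only (assumed)
        else:
            verdict = False                       # DMZ->internal, Internet->internal never initiate
        if verdict:
            self.sessions.add((src, sport, dst, dport))
        return verdict
```

Because the DMZ web server can only ever answer a session the internal network opened, a compromised bastion host cannot use that inner link to start connections toward the trusted zone, which is the point of placing the stronger, stateful firewall there.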
Info
Channel: Skillset
Views: 41,623
Rating: 4.9490447 out of 5
Keywords: cissp, cissp free, dmz, skillset
Id: 8TaxrwDPEnw
Length: 7min 19sec (439 seconds)
Published: Tue May 03 2016