Abtrusion Security Click here to send someone a link to this page Click here to Bookmark this page
home   products   buy   download   support   about   news   links   contact

Abtrusion Security home

Security products

Purchase Abtrusion Protector

Download of security software for Windows

Abtrusion Protector support

About Abtrusion Security

Security related news

Security links


Download Abtrusion Protector


Information for

> Corporate Management

> System Administrators

> Security Professionals

> Software Developers

> Home Users

De-militarized Zone

Make sure that your public web server is not placed inside your firewall. The public web server should be placed outside of the firewall, preferably in a so called DMZ (demilitarized zone). The same goes for the mail server and anything else that you can connect to from the Internet (it is common to use a proxy for mail traffic as well, but that is a bit out of scope for this guide).

If your firewall does not include support for a DMZ, you can create one with two firewalls in serial. The area between your firewalls is your de-militarized zone.

Ideally you should have a separate DMZ for each application server that is reachable from the Internet.

Also, consider the DMZ hostile territory. Assume that anything on the Internet will be able to get in there. Your firewall should protect your network from the DMZ just as well as it protects it from the Internet. Don't open up a lot of ports between the DMZ and the corporate network.


<< Previous                      Next >>