
What is one advantage of setting up a $\text{DMZ}$ (Demilitarized Zone) with two firewalls?

1. You can control where traffic goes in the three networks
2. You can do stateful packet filtering
3. You can do load balancing
4. Improve network performance

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.

A more secure approach is to use two firewalls to create a DMZ. The first firewall, also called the perimeter firewall, is configured to allow traffic destined to the DMZ only. The second, or internal, firewall only allows traffic from the DMZ to the internal network. A DMZ segments a network.

Hence, you can control where traffic goes in three networks. ANS: (A)


### 1 comment

@Arjun @VS The next answer mentions C.

DMZ or Demilitarized Zone is an area between nation-states in which military operation is not permitted.

It is a small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public internet.

The purpose of DMZ is to add an additional layer of security to an organization's local area network. An external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled.

DMZ functions as a small, isolated network positioned between the internet and the private network.

If there is a hacking attack, the organization will get extra time to detect and address breaches before the hackers penetrate into the internal networks.

The most secure approach is to use 2 firewalls to create a DMZ. For setting up a network architecture containing a DMZ, there must be at least three interfaces.

The first firewall, called the "front-end" or "perimeter" firewall, is configured to allow traffic destined to the DMZ only.

The second firewall, known as the "back-end" or internal firewall, allows traffic from the DMZ to the internal network only.

With DMZ, we can control where traffic goes in the three networks.

We can do load balancing using a DMZ.

[ Now, what is load balancing?

A load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers.

]

Pictorial illustration of a DMZ (using two firewalls)

### 1 comment

I am confused between (a) and (c).

(a) should be the right answer, as DMZ is mainly concerned with security.

Please let me know if (a) is correct or not.
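
The two-firewall policy described in the answers above, modelled as an added example (not code from the original posts): each firewall is default-deny, and a new connection must be permitted by every firewall on its path. The addresses, zone names and helper functions are assumptions made for illustration; return traffic for established connections is not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (documentation/private ranges), not from the page.
DMZ = ip_network("192.0.2.0/24")
INTERNAL = ip_network("10.0.0.0/24")

def zone(addr):
    """Map an address to one of the three networks."""
    ip = ip_address(addr)
    if ip in DMZ:
        return "dmz"
    if ip in INTERNAL:
        return "internal"
    return "internet"

# Each firewall is default-deny; a rule is an allowed (src_zone, dst_zone) pair.
PERIMETER = [("internet", "dmz")]   # front-end: only traffic destined to the DMZ
BACKEND = [("dmz", "internal")]     # back-end: only traffic from the DMZ

# Linear topology: internet -- perimeter -- dmz -- backend -- internal
ORDER = ["internet", "dmz", "internal"]
FIREWALLS = ["perimeter", "backend"]

def firewalls_on_path(src_zone, dst_zone):
    """Firewalls crossed, in order, going from src_zone to dst_zone."""
    a, b = ORDER.index(src_zone), ORDER.index(dst_zone)
    crossed = FIREWALLS[min(a, b):max(a, b)]
    return crossed if a < b else crossed[::-1]

def decide(src, dst, perimeter=PERIMETER, backend=BACKEND):
    """Return ("allow", None) or ("deny", firewall_that_dropped_it)."""
    s, d = zone(src), zone(dst)
    policy = {"perimeter": perimeter, "backend": backend}
    for fw in firewalls_on_path(s, d):
        if (s, d) not in policy[fw]:
            return ("deny", fw)
    return ("allow", None)

if __name__ == "__main__":
    # A perimeter rule added by mistake (constructed) is still caught by the back-end.
    loose = PERIMETER + [("internet", "internal")]
    print(decide("198.51.100.7", "192.0.2.10"))
    print(decide("198.51.100.7", "10.0.0.5"))
    print(decide("198.51.100.7", "10.0.0.5", perimeter=loose))
```

The last call shows why two firewalls matter: with the perimeter misconfigured, the internal firewall still drops traffic whose source is not in the DMZ.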