Log In
1 vote

What is one advantage of setting up a $DMZ$ (Demilitarized Zone) with two firewalls?

  1. You can control where traffic goes in the three networks
  2. You can do statefull packet filtering
  3. You can do load balancing
  4. Improve network performance
in Computer Networks
recategorized by

3 Answers

4 votes
Best answer

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.

A more secure approach is to use two firewalls to create a DMZ. The first firewall also called the perimeter firewall is configured to allow traffic destined to the DMZ only. The second or internal firewall only allows traffic from the DMZ to the internal network. A DMZ segments a network.

Hence,You can control where traffic goes in three networks. ANS:(A)

selected by
@Arjun @VS The next answer mentions C.

Can you please counter your answer to understand which one is correct?
2 votes

DMZ or Demilitarized Zone is an area between nation-states in which military operation is not permitted.

It is a small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public internet.

The purpose of DMZ is to add an additional layer of security to an organization's local area network. An external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled.

DMZ functions as a small, isolated network positioned between the internet and the private network.

If there is a hacking attack, the organization will get extra time to detect and address breaches before the hackers penetrate into the internal networks.

The most secure approach is to use 2 firewalls to create a DMZ. For setting up a network architecture containing a DMZ, there must be at least three interfaces.

The first firewall called "front-end" or "perimeter" firewall, which is configured to allow traffic destined to DMZ only.

Whereas, the second firewall is known as "back-end" or internal firewall, which allows traffic from the DMZ to the internal network only.

With DMZ, we can control where traffic goes in the three networks.

We can do load balancing using DMZ

[ Now, what is load balancing?

load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of. servers.


Pictorial illustration of DMZ(using Two- Firewall)


edited by
0 votes
I am confused between (a) and (c).

(a) should be the right answer , as DMZ is mainly concerned with Security.

Please let me know if (a) is correct or not.

Related questions

40 votes
3 answers
A layer-$4$ firewall (a device that can look at all protocol headers up to the transport layer) CANNOT block entire $\text{HTTP}$ traffic during $9:00PM$ and $5:00AM$ block all $\text{ICMP}$ traffic stop incoming traffic from specific $\text{IP}$ address but allow outgoing ... to the same IP address block $\text{TCP}$ traffic from a specific user on a multi-user system during $9:00PM$ to $5:00AM$
asked Sep 29, 2014 in Computer Networks jothee 10.1k views
5 votes
3 answers
In cryptography, the following uses transposition ciphers and the keyword is LAYER. Encrypt the following message. (Spaces are omitted during encrypton) WELCOME TO NETWORK SECURITY! WMEKREETSILTWETCOOCYONRU! EETSICOOCYWMEKRONRU!LTWET LTWETONRU!WMEKRCOOCYEETSI ONRU!COOCYLTWETEETSIWMEKR
asked Apr 22, 2018 in Computer Networks Arjun 4k views
2 votes
1 answer
Avalanche effect in cryptography Is desirable property of cryptographic algorithm Is undesirable property of cryptographic algorithm Has no effect on encryption algorithm None of the above
asked Apr 22, 2018 in Computer Networks Arjun 1.3k views
1 vote
4 answers
Which one of the following algorithm is not used in asymmetric key cryptography? RSA Algorithm Gillie-Hellman Algorithm Electronic Code Book Algorithm None of the above
asked Apr 22, 2018 in Computer Networks Arjun 3.7k views