edited by
3,996 views
2 votes
2 votes

What is one advantage of setting up a $\text{DMZ}$ (Demilitarized Zone) with two firewalls?

  1. You can control where traffic goes in the three networks
  2. You can do statefull packet filtering
  3. You can do load balancing
  4. Improve network performance
edited by

3 Answers

Best answer
5 votes
5 votes

In computer networks, a DMZ (demilitarized zone) is a physical or logical sub-network that separates an internal local area network (LAN) from other untrusted networks, usually the Internet. External-facing servers, resources and services are located in the DMZ so they are accessible from the Internet but the rest of the internal LAN remains unreachable. This provides an additional layer of security to the LAN as it restricts the ability of hackers to directly access internal servers and data via the Internet.

A more secure approach is to use two firewalls to create a DMZ. The first firewall also called the perimeter firewall is configured to allow traffic destined to the DMZ only. The second or internal firewall only allows traffic from the DMZ to the internal network. A DMZ segments a network.

Hence,You can control where traffic goes in three networks. ANS:(A)

selected by
2 votes
2 votes

DMZ or Demilitarized Zone is an area between nation-states in which military operation is not permitted.

It is a small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public internet.

The purpose of DMZ is to add an additional layer of security to an organization's local area network. An external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled.

DMZ functions as a small, isolated network positioned between the internet and the private network.

If there is a hacking attack, the organization will get extra time to detect and address breaches before the hackers penetrate into the internal networks.

The most secure approach is to use 2 firewalls to create a DMZ. For setting up a network architecture containing a DMZ, there must be at least three interfaces.

The first firewall called "front-end" or "perimeter" firewall, which is configured to allow traffic destined to DMZ only.

Whereas, the second firewall is known as "back-end" or internal firewall, which allows traffic from the DMZ to the internal network only.

With DMZ, we can control where traffic goes in the three networks.

We can do load balancing using DMZ

[ Now, what is load balancing?

load balancer is a device that acts as a reverse proxy and distributes network or application traffic across a number of. servers.

]

Pictorial illustration of DMZ(using Two- Firewall)

Source: https://supportforums.cisco.com/t5/firewalling/is-a-dmz-using-two-firewalls-better/td-p/2552339

edited by
0 votes
0 votes
Answer:

Related questions

6 votes
6 votes
3 answers
2
2 votes
2 votes
1 answer
3
Arjun asked Apr 22, 2018
2,334 views
Avalanche effect in cryptographyIs desirable property of cryptographic algorithmIs undesirable property of cryptographic algorithmHas no effect on encryption algorithmNon...
2 votes
2 votes
4 answers
4
Arjun asked Apr 22, 2018
14,234 views
Which one of the following algorithm is not used in asymmetric key cryptography?RSA AlgorithmGillie-Hellman AlgorithmElectronic Code Book AlgorithmNone of the above