DMZ Explained | Demilitarised Zone
Вставка
- Опубліковано 8 тра 2023
- Join the Discord Server!
/ discord
---------------------
MY FULL CCNA COURSE
📹 CCNA - certbros.teachable.com/p/cisc...
FREE CCNA FLASHCARDS
🃏 CCNA Flashcards - certbros.com/ccna/flashcards
HOW TO PASS THE CCNA
📚 Get a great book - amzn.to/3f16QA5
📹 Take a video course - certbros.teachable.com/p/cisc...
✔ Use practice exams - www.certbros.com/ccna/Exsim
SOCIAL
🐦 Twitter - / certbros
📸 Instagram - / certbros
👔 LinkedIn - / certbros
💬 Discord - www.certbros.com/discord
Disclaimer: These are affiliate links. If you purchase using these links, I'll receive a small commission at no extra charge to you.
---------------------------------------------------------------------------------------------------------------
What is a DMZ?
Well, the name comes from the military.
In military terms, it's an area where military activity is forbidden, often along borders. A well-known example of a Demilitarised Zone is the border between North and South Korea.
A DMZ, in computer terms, is similar. It's an area of a network where security rules and policies are more relaxed.
But, why on earth would you want to relax security policies?
Well, imagine you have a web server. You install it in your network just like all of your other devices.
You want people to access your web server and visit your website right? So you allow public access to your web server through your router and firewall.
Great, so now people can come and browse your website, www.example.com, and the request will be sent to your web server sitting inside your network.
Now, this may seem fine, but it leaves you vulnerable to attacks. Web servers and websites are not bulletproof, and they require a lot of work to keep maintained, up-to-date and secure.
Let's say an attacker targets your website, and that attacker can get access to the web server itself. This is where the problems start.
Because our web server is installed alongside our other corporate servers and workstations, the attacker can now start to attack these machines from the web server. With a bit of luck, the attacker could gain access to the entire network. This is called lateral movement.
From here, it's really up to the attacker what they do next. It could be the exfiltration of your data or infecting your systems with ransomware, which will encrypt your data.
So, what is the solution?
Instead of installing the web server in the corporate network, we can install it into its own network called a DMZ.
A DMZ is created with two firewalls. The first firewall allows public access to our web server; the second firewall blocks public access.
If an attacker can access our web server, they may try to get lateral movement by attacking other machines in the network. Well, because we have separated this web server into its own network, there are no other machines to attack, and our second firewall blocks access to our corporate network.
So, while the web server has been compromised, the DMZ allows us to contain the attack to just that web server.
This dramatically reduces the cyber attack's impact and makes the hacker sad. Meanwhile, the rest of the corporate network is unharmed and operating as normal.
This video is honestly one of the most simple, yet clearly explained real life execution of a DMZ. I work in It Security and i've watched hundreds of videos that try to explain this concept but fail because of their lack of application. Videos that simplify concepts to a basic level help people learn better. Great job! 👍
I'm a beginner and I simply love the way you explained with with animation and pictures. Thanks a bunch!!!
mate u are amazing u helped me a lot keep going never seen any simple way more then that
appreciated as always, one of the best at making learning enjoyable and easy to absorb
I love you for creating this video and explaining so beautifully ❤
How does having 2 firewalls provide better security & redundancy?
The firewalls are protecting different elements.
If one firewall goes down the internal traffic won’t be getting out since it’s in the path of outgoing traffic….?
Great video thanks for the animation to further drive the concept home.
Wish you big growth!🎉❤
Hey please keep uploading CCNA related videos.. lot's of love 🤗❤
Great overview - cheers Sam!
Thank you! Glad you liked it
This is super useful. Thank you!
Great stuff as always! 💚
It's always a good day when Boson shows up in your comment sections! 😁
Thank you!
Thank you !!!
Awesome!
Perfect!
Subscribed, sir! This is great stuff.
Thank you! Happy you enjoyed the video.
Excellent explanation 🎉❤
Thank you for the info brother.
You're welcome!
Great simplified explanation AND application. Since watching I'm thinking the public facing network should be on a separate provider circuit.
Thank you
Good stuff 👍
Thank you as always Orley!!
then how the web server talks to the backend?
Hi CertBros. I just checked your website. The CCNA course is already available to purchase?
Hi Chochanga. Yes you can purchase the course by going to courses.certbros.com. Hope to see you there 😎
@@Certbros great! When did you finished it?
If you block any other traffic (source WAN, destination any, port any, action - deny) then how workstations can browse Internet?
Great question! Most firewalls are statefull. This means that if traffic is allowed out, then it will be allowed back in. I didn't show outbound rules here because they're not relevant to DMZs. Hope that helps!
@@Certbros Thank you for your clear explanation ☺️ that makes sense
Is it DM-Zed or DM-Zee? 🤔
DM- Zee is the correct pronunciation currently being used in the industry
@@rahulsinghpatel9621 It was rhetorical, they are aware of that, they are poking fun at his accent.
DM Zed THANK YOU FOR SAYING IT PROPERLY AND NOT SUBMITTING TO THE …. (You know who) 😅
i was looking for DMZ call of duty but i stayed
cool
❤
👍
D EM ZED
😂
D EM ZEE
wth?? just in time
Great job
You cannot create with vlans.