DMZ Transcription

Welcome to our DMZ Module. A DMZ, or demilitarized zone, is a segment of your network that is placed between the protected internal network and the unprotected or non-trusted external network, such as the Internet. You can use this area to create a semi-secure buffer zone between that trusted internal network and your untrusted external network.

Here you can place resources that you want individuals outside of your network to be able to access from the Internet. The resources in this zone will most likely be attacked frequently, so you want to use bastion hosts, which are hardened systems. You should use a proxy server or stateful firewall to protect the trusted network from DMZ traffic.

And you should use a packet filter firewall, with exceptions, at the network perimeter between the DMZ and the Internet. The DMZ is a common place for honeypots and honeynets, which are decoy systems and networks that you place in order to attract hackers. By placing these systems, which actually have no valuable information on them, you are distracting attackers from attacking your actual network or actual systems.

Because when they locate the honeypot computer, or honeynet, they believe they have found a valuable target and they attempt to attack that target. When they attack the honeypot, you also determine how they attack and look at the strategies they use in order to protect your internal network computers.

Here we have a depiction of what the DMZ might look like. To the left, we have our trusted intranet internal network, which we want to protect from all external traffic and threats. We have a firewall between the trusted intranet and our DMZ. In the DMZ, we have an SMTP server used for mail relay.

And we have a web server, which is hosting our website for external individuals to view. We also place an external DNS server in the DMZ to respond to requests from outside of our network. We then have an additional firewall between the DMZ and the unsecured Internet. Setting up a DMZ allows you to create a screened subnet to provide resources to the public.
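The two-firewall layout described so far, as an added example that is not part of the original module: a stateless outer packet filter with per-service exceptions, and a stateful inner firewall that lets only the trusted network open connections. The address ranges, host addresses and port choices are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("10.0.0.0/8")    # trusted internal network (assumed range)
DMZ = ip_network("192.0.2.0/24")  # DMZ (documentation range, assumed)

# Outer packet filter: default deny, one exception per published service.
# Entries are (DMZ host, protocol, destination port); hosts are hypothetical.
OUTER_EXCEPTIONS = {
    ("192.0.2.25", "tcp", 25),   # SMTP mail relay
    ("192.0.2.80", "tcp", 80),   # web server
    ("192.0.2.80", "tcp", 443),
    ("192.0.2.53", "udp", 53),   # external DNS
    ("192.0.2.53", "tcp", 53),
}

def outer_allows(dst, proto, dport):
    """Stateless check of an Internet-originated packet: header fields only."""
    return (dst, proto, dport) in OUTER_EXCEPTIONS


class InnerFirewall:
    """Stateful firewall between LAN and DMZ: only the LAN may open sessions."""

    def __init__(self):
        self.sessions = set()  # flows opened from the LAN side

    def allows(self, src, sport, dst, dport, proto="tcp"):
        s, d = ip_address(src), ip_address(dst)
        if s in LAN and d in DMZ:
            # New LAN-initiated flow: remember it so the reply can return.
            self.sessions.add((src, sport, dst, dport, proto))
            return True
        if s in DMZ and d in LAN:
            # DMZ -> LAN passes only as the reply to a tracked session.
            return (dst, dport, src, sport, proto) in self.sessions
        return False  # anything else never crosses this firewall


if __name__ == "__main__":
    fw = InnerFirewall()
    print("Internet -> web:443    ", outer_allows("192.0.2.80", "tcp", 443))
    print("Internet -> LAN:445    ", outer_allows("10.0.0.5", "tcp", 445))
    print("DMZ web opens to LAN   ", fw.allows("192.0.2.80", 443, "10.0.0.5", 50000))
    print("LAN client -> DMZ web  ", fw.allows("10.0.0.5", 50000, "192.0.2.80", 443))
    print("DMZ web reply to client", fw.allows("192.0.2.80", 443, "10.0.0.5", 50000))
```

A DMZ server that tries to open its own connection into the trusted network is refused by the inner firewall, which is what limits the damage when a bastion host is compromised.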

A screened subnet is a semi-trusted network between your trusted private network and the untrusted Internet. You are creating a DMZ by implementing two screening routers on either side of the DMZ. And you can also include a proxy server as one of the firewalls. You can see in the graphic at the bottom that we have our trusted private network to the left.

A router firewall is protecting that trusted private network from external traffic. In our DMZ, we have an information server, an application gateway, and an email server. And then we have another router firewall protecting the DMZ from the Internet.

Here we have an example network for a corporate environment. On the left, we have our local area network. This is our private network, which is a trusted zone where we have internal-use web servers for our intranet. We have our internal DNS servers and our Active Directory servers, and we use Ethernet switches to connect all of these devices.

In this zone we also have our client computers, which are hardened for security, and we use the physical or MAC address to communicate within this local area network. We then have our DMZ, which is our semi-trusted network with extranet access. We have a strong firewall in place separating the DMZ from our local area network.

That firewall could be a UTM, or unified threat management device, or a proxy server. In the DMZ we can have honeypots or honeynets, a mail server, FTP server and a web server. And all of these servers could be virtualized so that they all operate on one physical machine.

We then have a weaker firewall that is used to protect our DMZ from the wide area network or the insecure Internet. And that location is known as our network perimeter. This network perimeter is typically where we have our Internet service provider providing us connectivity to the Internet. From the Internet we can have individuals accessing our web server or e-commerce server purchasing items, FTP server downloading files, or email servers sending and receiving email messages.

And we can even have a remote office LAN, or remote users who are able to remotely connect using virtual private network technology to connect to our internal resources on our private network.

Network address translation, or NAT, or port address translation, or PAT, allows many users to share a single public IP address, since IPv4 IP addresses are scarce.

This prevents IPv4 from going extinct. With network address translation, a NAT device, typically a router, has one or more IP addresses assigned, and it uses these to send and receive packets. Individual user sessions on our internal network are tracked by appending ephemeral port numbers. Ephemeral just means temporary, as these port numbers are not used for a significant amount of time.

Network address translation provides us with some security for our [INAUDIBLE] network because individuals outside the network are not able to understand the structure of our internal network, because all of the traffic entering and leaving our network comes in and out on one IP address. So individuals outside of our organization are not sure of the number of computers in our organization, and they are also not sure of our internal IP addressing scheme.

Here we can see on the left that we have several devices inside our network using IP addresses that begin with the octet 10, which are private IP addresses that are not publicly accessible on the Internet. We then have one device which is assigned an Internet or public IP address of 134.1.3.5, which allows us to connect to the Internet.

That device is responsible for keeping track of all of the traffic from the internal network and forwarding it to the Internet on a single IP address, and then receiving traffic on that IP address and forwarding it back to the device that originally requested that communication. This concludes our DMZ module.

Thank you for watching.
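The port address translation described in the module, as an added example that is not part of the original transcript: a translation table that shares the public address 134.1.3.5 among inside hosts by assigning ephemeral ports. The inside host addresses, remote addresses and port range are assumptions, and session timeouts are left out.

```python
class PatRouter:
    """PAT device: many inside hosts share one public IP, told apart by port."""

    def __init__(self, public_ip="134.1.3.5", first_port=49152, last_port=65535):
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))  # ephemeral pool
        self.out = {}    # (inside_ip, inside_port, proto) -> public port
        self.back = {}   # public port -> (inside_ip, inside_port, proto)
        self.peers = {}  # public port -> remote endpoints that session contacted

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite an outgoing packet's source; returns (public_ip, public_port)."""
        key = (src_ip, src_port, proto)
        if key not in self.out:
            port = next(self._free, None)
            if port is None:
                raise RuntimeError("ephemeral port pool exhausted")
            self.out[key] = port
            self.back[port] = key
            self.peers[port] = set()
        port = self.out[key]
        self.peers[port].add((dst_ip, dst_port))
        return self.public_ip, port

    def inbound(self, remote_ip, remote_port, public_port, proto="tcp"):
        """Map a packet arriving on the public IP to its inside host, or None."""
        entry = self.back.get(public_port)
        if entry is None or entry[2] != proto:
            return None  # no session on that port: unsolicited, dropped
        if (remote_ip, remote_port) not in self.peers[public_port]:
            return None  # session exists, but not with this remote endpoint
        return entry[0], entry[1]


if __name__ == "__main__":
    nat = PatRouter()
    # Two inside hosts (constructed 10.x addresses) using the same source port.
    print(nat.outbound("10.0.0.11", 51000, "198.51.100.7", 443))
    print(nat.outbound("10.0.0.12", 51000, "198.51.100.7", 443))
    print(nat.inbound("198.51.100.7", 443, 49153))  # reply reaches 10.0.0.12
    print(nat.inbound("203.0.113.9", 443, 49153))   # unknown sender: None
```

Outside observers see only 134.1.3.5 and a port number for both inside hosts, which is the hiding effect the module describes; real NAT devices vary in how strictly they filter inbound packets, so access control still belongs to the DMZ firewalls.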
