Course 10 - Network Security Methods
In networking, a demilitarized zone (DMZ) refers to the virtual space surrounding a local area network (LAN). It serves as a space where security measures can be implemented before data enters and exits the network or certain devices.
A firewall is a network-level device that filters data in a network for security. It is also an example of a device that would be placed in the DMZ. Firewalls can allow or block packets based on IP addresses, ports, etc., using either a blacklist or a whitelist. There are two types of firewalls: stateless and stateful. A stateless firewall has the ability to block and allow data as necessary. Stateful firewalls are more advanced and can make detailed analyses of packets, which allows them to keep track of additional information, beyond safety, that they can filter on.
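The difference between the two firewall types, as an added example that is not part of the original course material: the stateless filter judges each packet by its source address and destination port alone, while the stateful one also keeps a connection table (one common kind of "additional information") so that replies to connections opened from inside are recognised. The rule set, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed rule set: first match wins, anything unmatched is denied.
RULES = [
    ("deny",  "203.0.113.0/24", None),  # blacklisted source range, any port
    ("allow", "0.0.0.0/0",      443),   # whitelisted service: HTTPS from anyone
]

def stateless_decision(pkt):
    """Judge one inbound packet using only its own header fields."""
    src = ipaddress.ip_address(pkt["src"])
    for action, net, port in RULES:
        if src in ipaddress.ip_network(net) and port in (None, pkt["dport"]):
            return action
    return "deny"

class StatefulFirewall:
    """Same rules, plus a table of connections opened from the inside."""
    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, pkt):
        # Remember the connection so its replies can be recognised later.
        self.flows.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        return "allow"

    def inbound(self, pkt):
        # A reply is a tracked flow with source and destination swapped.
        if (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.flows:
            return "allow"
        return stateless_decision(pkt)

# Constructed sample traffic (documentation address ranges).
QUERY = {"src": "10.0.0.5", "sport": 50000, "dst": "198.51.100.7", "dport": 53}
REPLY = {"src": "198.51.100.7", "sport": 53, "dst": "10.0.0.5", "dport": 50000}
UNSOLICITED = {"src": "198.51.100.9", "sport": 53, "dst": "10.0.0.5", "dport": 50000}

def demo():
    fw = StatefulFirewall()
    fw.outbound(QUERY)
    return {
        "stateless_reply": stateless_decision(REPLY),   # legitimate reply is dropped
        "stateful_reply": fw.inbound(REPLY),            # matched to the tracked flow
        "stateful_unsolicited": fw.inbound(UNSOLICITED) # no flow, falls back to rules
    }

if __name__ == "__main__":
    print(demo())
```

A stateless filter could only pass the reply by opening the whole ephemeral port range to the internet, which is the gap connection tracking closes.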
A proxy server is a server that is meant to analyze packets during transit. A proxy server is strategically placed in a network and acts as a checkpoint where packets can be analyzed. If the data is not found to be malicious or poorly formatted in any way, the proxy server will allow the packets to continue to their destination.
Other software and methods that operate outside of the network layer can also be implemented here. Examples include intrusion detection and prevention systems (IDS and IPS) as well as access control. Controlling access to different parts of a network adds security and is important to any part of a system. It also serves to implement separation of concerns or least privilege. If you want to know more about any of these concepts, go to Course 4.
Course 11 is currently in progress. Please come back later!