1 00:00:00,600 --> 00:00:08,970 DMZ, a DMZ or a perimeter network is a means of allowing the public to access certain network services
2 00:00:09,210 --> 00:00:12,930 while still maintaining the security of your internal devices.
3 00:00:13,320 --> 00:00:18,030 At this point, you may be thinking that's what I that's what an extranet does.
4 00:00:18,090 --> 00:00:19,500 External international does.
5 00:00:19,770 --> 00:00:22,140 Yes, there are some similarities between them.
6 00:00:22,140 --> 00:00:30,310 But remember, an extranet provides access to services to trusted organizations, whereas a DMZ.
7 00:00:30,330 --> 00:00:36,240 It allows access to the public, no trust or after authorization is required.
8 00:00:36,750 --> 00:00:42,750 Obviously, making anything accessible to the public brings with it inherent security risks.
9 00:00:43,170 --> 00:00:49,590 So it's important that only services that are deemed as public-facing and necessary are placed there
10 00:00:49,950 --> 00:00:55,230 and that suitable security mechanisms are put in place as added protection.
11 00:00:56,230 --> 00:01:03,820 Common services that are placed in the DMZ include a web server and a Domain Name System, DNS, server.
12 00:01:04,870 --> 00:01:09,120 So now I will write, uh, create a new diagram here.
13 00:01:09,880 --> 00:01:17,140 Lower tier, for example, uh, this will be its will our internet here.
14 00:01:20,010 --> 00:01:21,080 WWW.
15 00:01:22,500 --> 00:01:25,380 So next, we will intranet here.
16 00:01:28,460 --> 00:01:30,450 In intended.
17 00:01:32,080 --> 00:01:32,500 Here.
18 00:01:33,350 --> 00:01:35,320 It's a little bit cooler, so.
19 00:01:39,370 --> 00:01:41,530 This goes to firewall.
20 00:01:46,580 --> 00:01:53,120 Here this is the firewall, so firewall, for example, its name is Firewall B.
21 00:01:54,020 --> 00:01:54,530 And.
22 00:01:57,560 --> 00:01:59,060 I will be.
23 00:01:59,660 --> 00:02:02,420 And, uh, these five will be here.
24 00:02:02,810 --> 00:02:12,260 So this goes to firewall and our Firewall B goes to WWW here, so you can see here.
25 00:02:13,290 --> 00:02:24,240 Uh, so, yeah, this goes to here and actually we will need another firewall here, which will be the
26 00:02:24,390 --> 00:02:27,000 Firewall A here.
27 00:02:29,110 --> 00:02:30,520 Or A.
28 00:02:35,760 --> 00:02:40,800 And then lastly, this finally goes to Internet.
29 00:02:45,360 --> 00:02:48,450 I will explain all of this here, Internet.
30 00:02:51,030 --> 00:02:52,170 Yes, Internet.
31 00:02:54,190 --> 00:02:54,550 So.
32 00:02:58,210 --> 00:03:00,700 And this is actually DMZ here.
33 00:03:01,860 --> 00:03:02,470 DMZ.
34 00:03:05,470 --> 00:03:13,240 So, Emira, so this diagram shows examples of firewall placement when implementing a DMZ.
35 00:03:13,810 --> 00:03:20,800 So in this diagram, we can see that the DMZ has been implemented using two firewalls in this instance
36 00:03:21,220 --> 00:03:25,330 Firewall A here, uh, Firewall A.
37 00:03:26,680 --> 00:03:35,740 Uh, actually is a vote to have rules that will allow traffic requesting web traffic and um, actually
38 00:03:35,800 --> 00:03:42,550 this Firewall A will have rules that three traffic requesting web traffic and Firewall B
39 00:03:42,550 --> 00:03:43,090 here.
40 00:03:43,360 --> 00:03:48,070 We'll have rules that block inbound requests from web traffic.
41 00:03:48,520 --> 00:03:53,770 So some organizations will purchase firewalls from two different manufacturers.
42 00:03:54,220 --> 00:04:01,510 If organizations use the same firewall throughout its infrastructure and that firewall had a vulnerability,
43 00:04:01,690 --> 00:04:05,320 then the vulnerability will likely be reproduced across the network.
44 00:04:05,650 --> 00:04:13,270 However, if firewalls from different manufacturers were used, then a vulnerability in one model will
45 00:04:13,280 --> 00:04:15,520 be likely to be replicated across the network.
46 00:04:16,030 --> 00:04:26,530 So, uh, this means that, uh, firewalls is best to use different, um, manufacturers in one place.
47 00:04:26,680 --> 00:04:32,290 So a more common implementation of firewalls is the three-homed firewall here.
48 00:04:32,620 --> 00:04:33,130 So.
49 00:04:34,880 --> 00:04:39,050 It's right here, let's actually create in the diagram.
50 00:04:39,510 --> 00:04:42,260 Uh, three-homed, uh, three.
51 00:04:44,360 --> 00:04:48,110 So for these, uh, we will not need um.
52 00:04:49,460 --> 00:04:52,090 A firewall here, firewall.
53 00:04:54,590 --> 00:04:56,270 And to clots here.
54 00:04:59,470 --> 00:04:59,920 Here.
55 00:05:03,450 --> 00:05:07,350 This is our internet internet here.
56 00:05:08,370 --> 00:05:08,790 So.
57 00:05:10,000 --> 00:05:14,860 Make much bigger firewall here and then clocked here.
58 00:05:19,500 --> 00:05:20,340 WWW.
59 00:05:24,140 --> 00:05:24,890 Oh, here.
60 00:05:26,690 --> 00:05:28,040 Is course here?
61 00:05:29,350 --> 00:05:30,660 This was here.
62 00:05:31,960 --> 00:05:32,920 And this goes here.
63 00:05:34,670 --> 00:05:35,030 So.
64 00:05:37,620 --> 00:05:44,910 This common implementation of firewalls was either named three-homed firewall.
65 00:05:45,210 --> 00:05:45,890 You're late.
66 00:05:46,010 --> 00:05:47,700 Uh, it's right here.
67 00:05:47,730 --> 00:05:48,960 Three-homed firewall.
68 00:05:51,910 --> 00:05:52,750 Next year.
69 00:05:58,100 --> 00:05:58,610 The.
70 00:05:59,400 --> 00:05:59,870 On.
71 00:06:00,890 --> 00:06:01,460 All right, well.
72 00:06:07,580 --> 00:06:08,650 Three-homed firewall.
73 00:06:09,960 --> 00:06:17,610 So this implementation is sometimes also referred to as triple-homed firewall or screened subnet.
74 00:06:18,090 --> 00:06:20,910 Each home on the firewall refers to a different network.
75 00:06:21,240 --> 00:06:25,290 So the external network, the DMZ and the internal network.
76 00:06:26,130 --> 00:06:30,030 I'll talk to, um, here, uh, in an internal network.
77 00:06:30,030 --> 00:06:30,660 So let's.
78 00:06:30,750 --> 00:06:34,650 Right here DMZ actually not, uh, WWW.
79 00:06:35,070 --> 00:06:36,270 And this is a DMZ.
80 00:06:37,810 --> 00:06:41,690 So although a single firewall is being utilized.
81 00:06:41,710 --> 00:06:47,920 Each port can have different rules assigned to it, for example, port two can allow inbound request
82 00:06:47,920 --> 00:06:50,650 traffic and port three can block this traffic.
83 00:06:50,980 --> 00:06:57,610 While it obviously saves the cost for only requiring one firewall, it increases the risk.
84 00:06:58,600 --> 00:07:05,290 If that one firewall is breached, then both the DMZ and the internal network could be compromised.