This scenario is recommended for businesses with the following Internet requirements:
-
All (or specified) workstations and servers need access to the Internet
-
No connection from the Internet is permitted to access the LAN
-
Corporate e-mail and web site is located at the customer premises.
In the above scenario a router with integrated Firewall and intruder detection system (IDS) is put in place between the Internet, LAN, and the DMZ. The DMZ (DeMilitarized Zone) is a dedicated network storage area for customer's applications that need to be accessed from the Internet, such as E-mail and Web servers, FTP server, Terminal server etc.
The
router acts as:
-
Connectivity device between the Internet, LAN and DMZ
-
Firewall which controls data flow, allowing specified traffic from the LAN to the Internet and DMZ as well as from Internet to the DMZ
-
Firewall to prevent all traffic originating from the Internet to access the LAN, while permitting traffic from the DMZ to access the LAN or Internet
-
IDS which alerts administrator and terminates intrusion attempts.
© 2004 Care+Net Computer Services - all rights reserved