A DMZ, or de-militarized zone, is a network you build that connects to the Internet. It contains all the machines that must talk to the Internet but none of the machines used by your employees.
The purpose of the DMZ is to let your company protect the machines on this network so they accept connections only securely. Traffic on this network is expected to be either non-critical information, or critical data that is encrypted. This way, if any of the servers in the DMZ become compromised, only the DMZ is at risk.
Some companies may need multiple levels of DMZ. As an example, if the company has a web server that connects users to their personal data, having the web server and its necessary support servers on one DMZ and the secured database supplying the web server data on another DMZ will prevent everything from becoming compromised. Furthermore, it prevents open attacks against the database server from the Internet.
A hacker would have to successfully break into a machine on the DMZ and then use that machine to try to attack the other DMZ or the local network. This is generally more work than it’s worth. Most importantly, slowing down the attack gives your company time to recognize it and either thwart it or call in the authorities and put another hacker in jail.
If you’re only serving up a website, you still need a DMZ.
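One way to check that a firewall policy actually enforces the two-tier layout and the "break into the DMZ first" property described above. This is an added example, not part of the original page. The zone names, ports and rule list are constructed assumptions, and reachability is modeled at the zone level only.

```python
from collections import deque

# Constructed zone-to-zone forwarding policy for the two-tier layout described
# above. Zone names and ports are assumptions for illustration.
# Each rule: (source zone, destination zone, destination TCP port)
ALLOW_RULES = [
    ("internet", "dmz_web", 443),   # public HTTPS to the web tier
    ("dmz_web", "dmz_db", 5432),    # web tier to database tier only
    ("lan", "dmz_web", 443),        # employees use the site like anyone else
    ("lan", "internet", 443),       # outbound browsing
]

def hops_from(source, rules):
    """Breadth-first search over allowed flows.

    Returns {zone: hop count}. A hop count of 1 means the zone accepts
    connections directly from `source`; N > 1 means N - 1 intermediate
    zones would have to be compromised first. Unreachable zones are absent.
    """
    graph = {}
    for src, dst, _port in rules:
        graph.setdefault(src, set()).add(dst)
    dist, queue = {source: 0}, deque([source])
    while queue:
        zone = queue.popleft()
        for nxt in graph.get(zone, ()):
            if nxt not in dist:
                dist[nxt] = dist[zone] + 1
                queue.append(nxt)
    del dist[source]
    return dist

def audit(rules, protected=("dmz_db", "lan")):
    """Return findings for protected zones exposed directly to the Internet."""
    dist = hops_from("internet", rules)
    return [f"{zone} is directly reachable from the internet"
            for zone in protected if dist.get(zone) == 1]

if __name__ == "__main__":
    print(hops_from("internet", ALLOW_RULES))
    print(audit(ALLOW_RULES) or "tiering holds")
    # A misconfiguration: database port opened straight to the Internet.
    print(audit(ALLOW_RULES + [("internet", "dmz_db", 5432)]))
```

Run against an export of your real forwarding rules, an empty findings list means the database tier and the local network are reachable from the Internet only through a DMZ host, if at all.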
Contact us for information and help setting up a secure DMZ.