WEBVTT

00:00.600 --> 00:08.970
DMZ. A DMZ, or perimeter network, is a means of allowing the public to access certain network services

00:09.210 --> 00:12.930
while still maintaining the security of your internal devices.

00:13.320 --> 00:18.030
At this point, you may be thinking that's what an extranet does.

00:18.090 --> 00:19.500
What an extranet does.

00:19.770 --> 00:22.140
Yes, there are some similarities between them.

00:22.140 --> 00:30.310
But remember, an extranet provides access to services to trusted organizations, whereas the DMZ

00:30.330 --> 00:36.240
allows access to the public; no trust or authorization is required.

00:36.750 --> 00:42.750
Obviously, making anything accessible to the public brings with it inherent security risks.

00:43.170 --> 00:49.590
So it's important that only services that are deemed public-facing and necessary are placed there

00:49.950 --> 00:55.230
and that suitable security mechanisms are put in place as added protection.

00:56.230 --> 01:03.820
Common services that are placed in the DMZ include a web server and a Domain Name System (DNS) server.

01:04.870 --> 01:09.120
So now I will write, uh, create a new diagram here.

01:09.880 --> 01:17.140
Lower tier, for example, uh, this will be its will our internet here.

01:20.010 --> 01:21.080
WWW.

01:22.500 --> 01:25.380
So next, we will intranet here.

01:28.460 --> 01:30.450
In intended.

01:32.080 --> 01:32.500
Here.

01:33.350 --> 01:35.320
It's a little bit cooler, so.

01:39.370 --> 01:41.530
This goes to the firewall.

01:46.580 --> 01:53.120
Here, this is the firewall, so firewall, for example, let's name it firewall B.

01:54.020 --> 01:54.530
And.

01:57.560 --> 01:59.060
I will be.

01:59.660 --> 02:02.420
And, uh, this firewall B here.

02:02.810 --> 02:12.260
So this goes to the firewall, and our firewall B goes to WWW here, so you can see here.

02:13.290 --> 02:24.240
Uh, so, yeah, this goes to here and actually we will need another firewall here, which will be the

02:24.390 --> 02:27.000
firewall A here.

02:29.110 --> 02:30.520
Or A.

02:35.760 --> 02:40.800
And then lastly, this finally goes to the Internet.

02:45.360 --> 02:48.450
I will explain all of this here, Internet.

02:51.030 --> 02:52.170
Yes, Internet.

02:54.190 --> 02:54.550
So.

02:58.210 --> 03:00.700
And this is actually the DMZ here.

03:01.860 --> 03:02.470
DMZ.

03:05.470 --> 03:13.240
So this diagram shows examples of firewall placement when implementing a DMZ.

03:13.810 --> 03:20.800
So in this diagram, we can see that the DMZ has been implemented using two firewalls. In this instance,

03:21.220 --> 03:25.330
firewall A here, uh, firewall A,

03:26.680 --> 03:35.740
uh, actually is going to have rules that will allow traffic requesting web traffic, and, um, actually

03:35.800 --> 03:42.550
this firewall A will have rules that allow traffic requesting web traffic, and firewall B

03:42.550 --> 03:43.090
here.

03:43.360 --> 03:48.070
will have rules that block inbound requests from web traffic.

03:48.520 --> 03:53.770
So some organizations will purchase such firewalls from two different manufacturers.

03:54.220 --> 04:01.510
If an organization uses the same firewall throughout its infrastructure and that firewall had a vulnerability,

04:01.690 --> 04:05.320
then the vulnerability will likely be reproduced across the network.

04:05.650 --> 04:13.270
However, if firewalls from different manufacturers were used, then a vulnerability in one model will

04:13.280 --> 04:15.520
be likely to be replicated across the network.

04:16.030 --> 04:26.530
So, uh, this means that, uh, for firewalls it is best to use different, um, manufacturers in one place.

04:26.680 --> 04:32.290
So a more common implementation of firewalls is the three-homed firewall here.

04:32.620 --> 04:33.130
So.

04:34.880 --> 04:39.050
Let's write here, let's actually create it in the diagram.

04:39.510 --> 04:42.260
Uh, three-homed, uh, three.

04:44.360 --> 04:48.110
So for these, uh, we will not need um.

04:49.460 --> 04:52.090
A firewall here, firewall.

04:54.590 --> 04:56.270
And two clouds here.

04:59.470 --> 04:59.920
Here.

05:03.450 --> 05:07.350
This is our internet internet here.

05:08.370 --> 05:08.790
So.

05:10.000 --> 05:14.860
Make a much bigger firewall here and then a cloud here.

05:19.500 --> 05:20.340
WWW.

05:24.140 --> 05:24.890
Oh, here.

05:26.690 --> 05:28.040
This goes here.

05:29.350 --> 05:30.660
This goes here.

05:31.960 --> 05:32.920
And this goes here.

05:34.670 --> 05:35.030
So.

05:37.620 --> 05:44.910
This common implementation of firewalls is named three-homed firewall.

05:45.210 --> 05:45.890
You're late.

05:46.010 --> 05:47.700
Uh, let's write here.

05:47.730 --> 05:48.960
Three-homed firewall.

05:51.910 --> 05:52.750
Next year.

05:58.100 --> 05:58.610
The.

05:59.400 --> 05:59.870
On.

06:00.890 --> 06:01.460
All right, well.

06:07.580 --> 06:08.650
Three-homed firewall.

06:09.960 --> 06:17.610
So this implementation is sometimes also referred to as a triple-homed firewall or screened subnet.

06:18.090 --> 06:20.910
Each home on the firewall refers to a different network.

06:21.240 --> 06:25.290
So the external network, the DMZ and the internal network.

06:26.130 --> 06:30.030
I'll talk to, um, here, uh, in an internal network.

06:30.030 --> 06:30.660
So let's

06:30.750 --> 06:34.650
write here DMZ, actually, not, uh, WWW.

06:35.070 --> 06:36.270
And this is a DMZ.

06:37.810 --> 06:41.690
So although a single firewall is being utilized,

06:41.710 --> 06:47.920
each port can have different rules assigned to it. For example, port two can allow inbound request

06:47.920 --> 06:50.650
traffic and port three can block this traffic.

06:50.980 --> 06:57.610
While it obviously saves the cost by only requiring one firewall, it increases the risk.

06:58.600 --> 07:05.290
If that one firewall is breached, then both the DMZ and the internal network could be compromised.
