In today's technological world, computer networks have many vulnerabilities. If a malicious attacker exploits these vulnerabilities, your business could be interrupted, causing you thousands of dollars in damage. Not only could you lose business when your network goes down, but you could also lose it through a loss of consumer confidence and through possible penalties imposed on you by the government for not properly securing your customers' vital information. There are several methods or concepts available to network administrators to help them secure their networks. One is defense in depth, a concept that uses multiple defense strategies. It is a concept that all network administrators and security personnel should practice. Using this method will add several layers of security to your network. Two of those concepts or solutions are DMZs (Demilitarized Zones) and IDSs (Intrusion Detection Systems). A DMZ is a neutral area between your private, or internal, network and public networks, commonly known as the Internet, where you can place services that need to access and be accessed by the public network. An IDS is a solution or system that, if managed and configured properly, will assist in the protection of your network by telling you if someone has attempted to gain access or has gained access to your network.
There are two basic types of DMZ: back-to-back and three-homed. The back-to-back DMZ is placed between two firewalls, which are either software or hardware setups used to block unwanted traffic. The three-homed DMZ is one that has three separate networks. One network goes to the public network, another goes to your private network, and the third contains the machines that run the applications or services you have in your DMZ. Each company can configure its DMZ with whatever services it wants, so although two DMZs might be the same basic type, they will still be different. One can also have...
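The three-homed layout described above can be written as a forwarding policy on the single firewall that joins the three networks. The following nftables ruleset is an added example, not part of the original essay; the interface names (`wan0`, `dmz0`, `lan0`), the server address and the choice of published ports are assumptions made for illustration.

```nft
#!/usr/sbin/nft -f
# Added example: forward policy for a three-homed DMZ firewall.
# wan0 = public network, dmz0 = DMZ, lan0 = private network (assumed names).
# 192.0.2.10 is a constructed address for a web server in the DMZ.

table inet dmz_example {
    chain forward {
        # Default deny: any flow not listed below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed when they started.
        ct state established,related accept
        ct state invalid drop

        # Public -> DMZ: only the published service on the DMZ server.
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 443 } ct state new accept

        # Private -> DMZ: the same service plus SSH for administration.
        iifname "lan0" oifname "dmz0" tcp dport { 22, 80, 443 } ct state new accept

        # Private -> public: outbound access for internal users.
        iifname "lan0" oifname "wan0" ct state new accept

        # DMZ -> public: name resolution and HTTPS (for updates) only.
        iifname "dmz0" oifname "wan0" udp dport 53 accept
        iifname "dmz0" oifname "wan0" tcp dport { 53, 443 } ct state new accept

        # DMZ -> private: never allowed. A DMZ host opening a connection
        # inward is worth alerting on, so log it before dropping.
        iifname "dmz0" oifname "lan0" log prefix "dmz-to-lan-drop: " drop

        # Public -> private: never allowed; rate-limit the log volume.
        iifname "wan0" oifname "lan0" limit rate 10/minute log prefix "wan-to-lan-drop: "
        iifname "wan0" oifname "lan0" drop
    }
}
```

The two logged drop rules give an IDS or log monitor a direct record of attempts to reach the private network, which is the layered use of DMZ and detection that the essay describes.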