Question

In: Computer Science

DMZ Architecture: What is your DMZ architecture? What devices and their function are included? How are...

DMZ Architecture: What is your DMZ architecture? What devices and their function are included? How are DMZ devices connected? How are you planning to provide security to protect the DMZ and at the same time maintaining friendly access to customers?

Solutions

Expert Solution

DMZ Network (“demilitarized zone") functions as a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to an untrusted networks, mainly to the Internet.

We need to :

  1. Install and maintain a firewall configuration to protect data of the customer
  2. Not use vendor supplied defaults for system passwords and other security parameters
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data across open, public networks
  5. Protect all systems against malware and regularly update antivirus software or programs
  6. Develop and maintain secure systems and applications
  7. Restrict access to user's data by 'business need to know'
  8. Identify and authenticate access to system components
  9. Restrict physical access to customer's data
  10. Track and monitor all access to network resources and data
  11. Regularly test security systems and processes
  12. Maintain a policy that addresses information security for all personnel

DMZ adds an extra layer of security to an organization's local area network. A protected and monitored network node that faces outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.

When implemented properly, a DMZ Network gives organizations extra protection in detecting and mitigating security breaches before they reach the internal network, where valuable assets are stored.

Ways we can construct a network with a DMZ. We can create complex architectures as per network requirements:

  • Single firewall: It involves using a single firewall, with a minimum of 3 network interfaces. The DMZ will be placed Inside of this firewall. The tier of operations is as follows: the external network device makes the connection from the ISP, the internal network is connected by the second device, and connections within the DMZ is handled by the third network device.
  • Dual firewall: The more secure approach is to use two firewalls to create a DMZ. The first firewall (referred to as the “frontend” firewall) is configured to only allow traffic destined for the DMZ. The second firewall (referred to as the “backend” firewall) is only responsible for the traffic that travels from the DMZ to the internal network.

Mainly, we would Only store customer's data if necessary:

If we don't need it, we don't store it.

Retaining unencrypted cardholder data is risky and could end up being very expensive if your business falls victim to a breach.

In addition we may build an Incident Response Plan:

The key to mitigating damage following a breach is, firstly:

  • How quickly you can detect the breach

And, secondly:

  • How quickly you react to prevent further damage.

Creating and implementing an Incident Response Plan helps an organisation work through the scenarios that could result in their data being exposed. Making sure that the Incident Response Plan actually works is also very important - stress testing it, like a fire alarm is essential in helping your team to understand what to do in the case of a suspected data breach.

This way the security would be provided and also the customers can have a friendly access.


Related Solutions

DMZ Architecture: What is your DMZ architecture? What devices and their function are included? How are...
DMZ Architecture: What is your DMZ architecture? What devices and their function are included? How are DMZ devices connected? How are you planning to provide security to protect the DMZ and at the same time maintaining friendly access to customers?
DMZ. What is the purpose of implementing a DMZ in your enterprise network? Is the DMZ...
DMZ. What is the purpose of implementing a DMZ in your enterprise network? Is the DMZ just another segment of the intranet? Elaborate your answer.
what is service oriented architecture and cloud architecture and how they impact in an organization
what is service oriented architecture and cloud architecture and how they impact in an organization
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports.
A number of security devices can be placed at appropriate places in the network architecture to...
A number of security devices can be placed at appropriate places in the network architecture to address certain level of security. In reference to this context, explain how a switch can be configured to monitor traffic flowing along its ports. Above lines are question for 5 marks, they haven't given any other info. Thats the whole info please if you guys can solve help me.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT