In: Computer Science
DMZ Architecture: What is your DMZ architecture? What devices and their function are included? How are DMZ devices connected? How are you planning to provide security to protect the DMZ and at the same time maintaining friendly access to customers?
DMZ Network (“demilitarized zone") functions as a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to an untrusted networks, mainly to the Internet.
We need to :
DMZ adds an extra layer of security to an organization's local area network. A protected and monitored network node that faces outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.
When implemented properly, a DMZ Network gives organizations extra protection in detecting and mitigating security breaches before they reach the internal network, where valuable assets are stored.
Ways we can construct a network with a DMZ. We can create complex architectures as per network requirements:
Mainly, we would Only store customer's data if necessary:
If we don't need it, we don't store it.
Retaining unencrypted cardholder data is risky and could end up being very expensive if your business falls victim to a breach.
In addition we may build an Incident Response Plan:
The key to mitigating damage following a breach is, firstly:
And, secondly:
Creating and implementing an Incident Response Plan helps an organisation work through the scenarios that could result in their data being exposed. Making sure that the Incident Response Plan actually works is also very important - stress testing it, like a fire alarm is essential in helping your team to understand what to do in the case of a suspected data breach.
This way the security would be provided and also the customers can have a friendly access.