DMZ Explained | Demilitarised Zone

34,499 views

CertBros

1 year ago

What is a DMZ?
Well, the name comes from the military.
In military terms, it's an area where military activity is forbidden, often along borders. A well-known example of a Demilitarised Zone is the border between North and South Korea.
A DMZ, in computer terms, is similar. It's an area of a network where security rules and policies are more relaxed.
But, why on earth would you want to relax security policies?
Well, imagine you have a web server. You install it in your network just like all of your other devices.
You want people to access your web server and visit your website, right? So you allow public access to your web server through your router and firewall.
Great, so now people can come and browse your website, www.example.com, and the request will be sent to your web server sitting inside your network.
Now, this may seem fine, but it leaves you vulnerable to attacks. Web servers and websites are not bulletproof, and they require a lot of work to keep maintained, up-to-date and secure.
Let's say an attacker targets your website, and that attacker can get access to the web server itself. This is where the problems start.
Because our web server is installed alongside our other corporate servers and workstations, the attacker can now start to attack these machines from the web server. With a bit of luck, the attacker could gain access to the entire network. Moving from one compromised machine to others like this is called lateral movement.
From here, it's really up to the attacker what they do next. It could be the exfiltration of your data or infecting your systems with ransomware, which will encrypt your data.
So, what is the solution?
Instead of installing the web server in the corporate network, we can install it into its own network called a DMZ.
A DMZ is created with two firewalls. The first firewall allows public access to our web server; the second firewall, which sits in front of the corporate network, blocks public access.
If an attacker can access our web server, they may attempt lateral movement by attacking other machines in the network. Well, because we have separated this web server into its own network, there are no other machines to attack, and our second firewall blocks access to our corporate network.
So, while the web server has been compromised, the DMZ allows us to contain the attack to just that web server.
This dramatically reduces the cyber attack's impact and makes the hacker sad. Meanwhile, the rest of the corporate network is unharmed and operating as normal.
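The two-firewall layout described above can be checked as a small reachability model. This is an added example, not material from the video; the addresses, ports and rule lists are constructed assumptions, and only new connections are evaluated because a stateful firewall lets replies to allowed traffic back in.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption; the video gives no addresses).
DMZ_NET, CORP_NET = ip_network("192.0.2.0/24"), ip_network("10.0.0.0/24")
ANY = ip_network("0.0.0.0/0")
CLIENT, WEB, CORP_PC = "203.0.113.50", "192.0.2.10", "10.0.0.25"
FLAT_WEB = "10.0.0.10"  # the same web server if it sat on the corporate LAN

# Rule = (source, destination, port or None for any, action); first match wins.
OUTER_FW = [  # first firewall: internet <-> DMZ
    (ANY, ip_network("192.0.2.10/32"), 443, "allow"),  # public HTTPS to the web server
    (CORP_NET, ANY, None, "allow"),                    # workstations browsing out
    (ANY, ANY, None, "deny"),
]
INNER_FW = [  # second firewall: DMZ <-> corporate LAN
    (CORP_NET, ANY, None, "allow"),                    # connections started on the LAN
    (ANY, ANY, None, "deny"),                          # nothing is initiated inward
]
# Zone 0 = internet, 1 = DMZ, 2 = corporate; FIREWALLS[i] sits between zone i and i+1.
FIREWALLS = [OUTER_FW, INNER_FW]

def zone_of(ip):
    addr = ip_address(ip)
    if addr in DMZ_NET:
        return 1
    if addr in CORP_NET:
        return 2
    return 0

def permits(rules, src, dst, port):
    """Evaluate one firewall's rule list top-down; default is deny."""
    for r_src, r_dst, r_port, action in rules:
        if (ip_address(src) in r_src and ip_address(dst) in r_dst
                and r_port in (None, port)):
            return action == "allow"
    return False

def can_connect(src, dst, port):
    """True if src can open a new connection to dst:port through every
    firewall on the path. Hosts in the same zone cross no firewall."""
    a, b = sorted((zone_of(src), zone_of(dst)))
    return all(permits(fw, src, dst, port) for fw in FIREWALLS[a:b])

if __name__ == "__main__":
    print("public -> web server :443   ", can_connect(CLIENT, WEB, 443))
    print("DMZ web -> workstation :445 ", can_connect(WEB, CORP_PC, 445))
    print("flat web -> workstation :445", can_connect(FLAT_WEB, CORP_PC, 445))
```

The last two results are the point of the design: the same compromised web server reaches the workstation when it shares the corporate LAN, and is stopped by the second firewall when it sits in the DMZ.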

Comments: 48
@klwthe3rd 1 year ago
This video is honestly one of the most simple, yet clearly explained real life execution of a DMZ. I work in IT Security and I've watched hundreds of videos that try to explain this concept but fail because of their lack of application. Videos that simplify concepts to a basic level help people learn better. Great job! 👍
@harisharavindkumar7400 11 months ago
I'm a beginner and I simply love the way you explained with animation and pictures. Thanks a bunch!!!
@nadimsaade1753 1 year ago
mate u are amazing u helped me a lot keep going never seen any simple way more than that
@Don-Carillo 1 year ago
appreciated as always, one of the best at making learning enjoyable and easy to absorb
@Amwfilms 1 year ago
Great video thanks for the animation to further drive the concept home.
@laitkoriancowboy83 8 months ago
I love you for creating this video and explaining so beautifully ❤
@radicalsolih 1 year ago
Wish you big growth!🎉❤
@Shubham-Mishra 1 year ago
Hey please keep uploading CCNA related videos.. lots of love 🤗❤
@BosonSoftware 1 year ago
Great stuff as always! 💚
@Certbros 1 year ago
It's always a good day when Boson shows up in your comment sections! 😁 Thank you!
@snowballeffects 1 year ago
Great overview - cheers Sam!
@Certbros 1 year ago
Thank you! Glad you liked it
@sarfarazahmad221 10 months ago
Excellent explanation 🎉❤
@CyberTronics 2 months ago
How does having 2 firewalls provide better security & redundancy? The firewalls are protecting different elements. If one firewall goes down the internal traffic won’t be getting out since it’s in the path of outgoing traffic….?
@mihaelahozmache7538 3 months ago
This is super useful. Thank you!
@marcosalameh8677 1 year ago
Perfect!
@ukaszkiepas57 1 month ago
Thank you !!! Awesome!
@kahlillabastilla3584 1 month ago
Subscribed, sir! This is great stuff.
@Certbros 1 month ago
Thank you! Happy you enjoyed the video.
@dragongames3057 1 year ago
Thank you for the info brother.
@Certbros 1 year ago
You're welcome!
@lenyfreeman3807 10 months ago
Great simplified explanation AND application. Since watching I'm thinking the public facing network should be on a separate provider circuit.
@orleydoss3171 1 year ago
Good stuff 👍
@Certbros 1 year ago
Thank you as always Orley!!
@geekmuralin 1 month ago
Thank you
@Certbros 1 year ago
Is it DM-Zed or DM-Zee? 🤔
@rahulsinghpatel9621 1 year ago
DM- Zee is the correct pronunciation currently being used in the industry
@IT10T 1 year ago
@rahulsinghpatel9621 It was rhetorical, they are aware of that, they are poking fun at his accent.
@CyberTronics 2 months ago
DM Zed THANK YOU FOR SAYING IT PROPERLY AND NOT SUBMITTING TO THE …. (You know who) 😅
@LoremIpsum797 1 year ago
If you block any other traffic (source WAN, destination any, port any, action - deny) then how workstations can browse Internet?
@Certbros 1 year ago
Great question! Most firewalls are stateful. This means that if traffic is allowed out, then it will be allowed back in. I didn't show outbound rules here because they're not relevant to DMZs. Hope that helps!
@LoremIpsum797 1 year ago
@Certbros Thank you for your clear explanation ☺️ that makes sense
@leanophologolo9066 5 months ago
I was looking for DMZ call of duty but I stayed
@anldursun8300 6 months ago
then how the web server talks to the backend?
@yogesh7125 1 year ago
@chochanga 1 year ago
Hi CertBros. I just checked your website. The CCNA course is already available to purchase?
@Certbros 1 year ago
Hi Chochanga. Yes you can purchase the course by going to courses.certbros.com. Hope to see you there 😎
@chochanga 1 year ago
@Certbros great! When did you finish it?
@Omairi86 11 days ago
Can a server in a DMZ pose a security risk to the rest of the network? Like if I put my playstation ip on DMZ network will it put any danger on my other devices if it got hacked? Thank you in advance.
@Certbros 7 days ago
The purpose of a DMZ is to protect the rest of the network from the public facing assets. As for the playstation, other than a possible slight increase in network performance, I can’t think of any benefits.
@impcareer4055 1 year ago
cool
@gaBehcuoDsuoitneterP 1 year ago
👍
@lethalz4519 1 year ago
D EM ZED
@Certbros 1 year ago
😂
@jenycek2222 1 year ago
D EM ZEE
@furkankaraslan9040 1 year ago
wth?? just in time
@FanaticosdelRouting 1 year ago
Great job
@Jobberwocky 6 months ago
You cannot create with vlans.