DMZ - Demilitarized Zone
=============================

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **What is a DMZ?**

   A DMZ (Demilitarized Zone) is a physical or logical subnetwork that separates an internal local area network (LAN) from untrusted external networks (usually the internet). It acts as a buffer zone that adds an extra layer of security.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Why is a DMZ important?**

   * Allows external users to access specific services (such as web, email, or DNS) without exposing the internal network.
   * Limits the damage in case of a breach.
   * Helps enforce strict access control and segmentation policies.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **How DMZ works (in simple steps):**

   * A firewall or router separates the DMZ from both the internal network and the internet.
   * Public-facing services (e.g., web servers) are placed in the DMZ.
   * External users access these services without touching the internal network.
   * Internal users can access the DMZ, but DMZ-to-internal access is restricted.

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Where is a DMZ used?**

   * Hosting public web servers
   * Email gateways
   * DNS servers
   * Reverse proxies
   * VPN concentrators
   * Any publicly accessible service that requires isolation from internal networks

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   **Which OSI Layer does this concept belong to?**

   A DMZ is a **network architecture concept** that primarily operates at the **Network Layer (Layer 3)** because:

   * It controls routing and segmentation of IP-level traffic.
   * It is implemented using routers, firewalls, and switches.
   * It defines trust boundaries between internal, external, and intermediary zones.
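The four steps under "How DMZ works" above, as an added example that is not part of the original page: an nftables forwarding policy for an Ubuntu host acting as the firewall between the internet, the DMZ and the internal network, plus the same policy as a small decision function so the rules can be reasoned about offline. The interface names, subnets (documentation ranges) and published ports are assumptions.

```shell
# Three-zone DMZ forwarding policy for an Ubuntu host acting as the firewall.
# Interface names, subnets (documentation ranges) and ports are assumptions.
WAN=eth0                    # untrusted side: internet
DMZ=eth1                    # public-facing services
LAN=eth2                    # internal network
DMZ_NET=192.0.2.0/24
LAN_NET=10.0.0.0/24
DMZ_PUBLIC_PORTS="80, 443"  # services the internet may reach in the DMZ

# Emit an nftables ruleset for the policy:
#   internet -> DMZ      only the published ports
#   internal -> DMZ      allowed
#   DMZ -> internal      restricted (logged, then dropped)
#   internet -> internal never (the chain's default policy is drop)
dmz_nft_ruleset() {
cat <<EOF
flush ruleset
table inet dmz_fw {
  chain forward {
    type filter hook forward priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iifname "$WAN" oifname "$DMZ" ip daddr $DMZ_NET tcp dport { $DMZ_PUBLIC_PORTS } accept
    iifname "$LAN" oifname "$DMZ" ip saddr $LAN_NET ip daddr $DMZ_NET accept
    iifname "$DMZ" oifname "$LAN" log prefix "DMZ->LAN blocked: " drop
    iifname "$DMZ" oifname "$WAN" tcp dport { 80, 443 } accept
  }
}
EOF
}

# The same policy as a decision function for a NEW connection described by
# source zone, destination zone, protocol and destination port; reply traffic
# is covered by the ct state rule above, not here.
dmz_verdict() {
  src=$1 dst=$2 proto=$3 dport=$4
  case "$src:$dst" in
    internet:dmz|dmz:internet)
      if [ "$proto" = tcp ] && { [ "$dport" = 80 ] || [ "$dport" = 443 ]; }; then
        echo accept
      else
        echo drop
      fi ;;
    internal:dmz) echo accept ;;
    *)            echo drop ;;   # dmz:internal, internet:internal, unknown zones
  esac
}
```

On the firewall host, `dmz_nft_ruleset | nft -c -f -` checks the syntax, and `dmz_nft_ruleset > /etc/nftables.conf` followed by `systemctl restart nftables` applies it (forwarding must also be enabled with `sysctl net.ipv4.ip_forward=1`). The `log prefix` line is what makes blocked DMZ-to-internal attempts visible in the kernel log for the monitoring section below.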
.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2
   :card: shadow

   Topics in this section:

   * :ref:`Learnings in this section <DMZ_step1>`
   * :ref:`Terminology <DMZ_step2>`
   * :ref:`Version Info <DMZ_step3>`
   * :ref:`DMZ Version&RFC Details <DMZ_step5>`
   * :ref:`DMZ Basic Setup on Ubuntu using IPv4 <DMZ_step20>`
   * :ref:`DMZ Basic Setup on Ubuntu using IPv6 <DMZ_step21>`
   * :ref:`DMZ Protocol Packet Details <DMZ_step6>`
   * :ref:`DMZ Usecases <DMZ_step7>`
   * :ref:`DMZ Basic Features <DMZ_step8>`
   * :ref:`DMZ Feature : Network Segmentation <DMZ_step9>`
   * :ref:`DMZ Feature : Firewall Enforcement <DMZ_step10>`
   * :ref:`DMZ Feature : Public Service Hosting <DMZ_step11>`
   * :ref:`DMZ Feature : Access Control <DMZ_step12>`
   * :ref:`DMZ Feature : Intrusion Detection/Prevention <DMZ_step13>`
   * :ref:`DMZ Feature : Logging and Monitoring <DMZ_step14>`
   * :ref:`DMZ Feature : Reverse Proxy Support <DMZ_step15>`
   * :ref:`DMZ Feature : VPN Termination Point <DMZ_step16>`
   * :ref:`DMZ Feature : Redundancy and High Availability <DMZ_step17>`
   * :ref:`DMZ Feature : Cloud-Compatible Design <DMZ_step18>`
   * :ref:`Reference links <DMZ_step19>`

.. _DMZ_step1:

.. tab-set::

   .. tab-item:: Learnings in this section

      * In this section, you are going to learn

.. _DMZ_step2:

.. tab-set::

   .. tab-item:: Terminology

      * Terminology

.. _DMZ_step3:

.. tab-set::

   .. tab-item:: Version Info

      * Version Info

.. _DMZ_step5:

.. tab-set::

   .. tab-item:: DMZ Version&RFC Details

      .. csv-table::
         :file: ./DMZ/DMZ_Version_and_RFC_Details.csv
         :widths: 10,10,10,30
         :header-rows: 1

.. _DMZ_step20:

.. tab-set::

   .. tab-item:: DMZ Basic Setup on Ubuntu using IPv4

      **Setup**

.. _DMZ_step21:

.. tab-set::

   .. tab-item:: DMZ Basic Setup on Ubuntu using IPv6

      **Setup**

.. _DMZ_step6:

.. tab-set::

   .. tab-item:: DMZ Protocol Packet Details

      **Inbound Request Packet**

      .. csv-table::
         :file: ./DMZ/DMZ_packetdetails1.csv
         :widths: 10,20,30,10
         :header-rows: 1

      **DMZ Server Response Packet**

      .. csv-table::
         :file: ./DMZ/DMZ_packetdetails2.csv
         :widths: 10,20,30,10
         :header-rows: 1

      **Internal Request Packet (Controlled)**

      .. csv-table::
         :file: ./DMZ/DMZ_packetdetails3.csv
         :widths: 10,20,30,10
         :header-rows: 1

      **Firewall Control Packet**

      .. csv-table::
         :file: ./DMZ/DMZ_packetdetails4.csv
         :widths: 10,20,30,10
         :header-rows: 1

.. _DMZ_step7:

.. tab-set::

   .. tab-item:: DMZ Usecases

      .. csv-table::
         :file: ./DMZ/DMZ_Use_cases.csv
         :widths: 10,20,30
         :header-rows: 1

.. _DMZ_step8:

.. tab-set::

   .. tab-item:: DMZ Basic Features

      .. csv-table::
         :file: ./DMZ/DMZ_Basic_Features.csv
         :widths: 10,10,30
         :header-rows: 1

.. _DMZ_step9:

.. tab-set::

   .. tab-item:: DMZ Feature : Network Segmentation

      **Network Segmentation - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature1_Network_Segmentation_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step10:

.. tab-set::

   .. tab-item:: DMZ Feature : Firewall Enforcement

      **Firewall Enforcement - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature2_Firewall_Enforcement_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step11:

.. tab-set::

   .. tab-item:: DMZ Feature : Public Service Hosting

      **Public Service Hosting - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature3_Public_Service_Hosting_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step12:

.. tab-set::

   .. tab-item:: DMZ Feature : Access Control

      **Access Control - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature4_Access_Control_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step13:

.. tab-set::

   .. tab-item:: DMZ Feature : Intrusion Detection/Prevention

      **Intrusion Detection/Prevention - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature5_Intrusion_Detection_Prevention_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step14:

.. tab-set::

   .. tab-item:: DMZ Feature : Logging and Monitoring

      **Logging and Monitoring - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature6_Logging_and_Monitoring_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step15:

.. tab-set::

   .. tab-item:: DMZ Feature : Reverse Proxy Support

      **Reverse Proxy Support - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature7_Reverse_Proxy_Support_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step16:

.. tab-set::

   .. tab-item:: DMZ Feature : VPN Termination Point

      **VPN Termination Point - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature8_VPN_Termination_Point_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step17:

.. tab-set::

   .. tab-item:: DMZ Feature : Redundancy and High Availability

      **Redundancy and High Availability - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature9_Redundancy_and_High_Availability_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step18:

.. tab-set::

   .. tab-item:: DMZ Feature : Cloud-Compatible Design

      **Cloud-Compatible Design - Testcases**

      .. csv-table::
         :file: ./DMZ/DMZ_Feature10_Cloud_Compatible_Design_TestCases.csv
         :widths: 10,10,30,20
         :header-rows: 1

.. _DMZ_step19:

.. tab-set::

   .. tab-item:: Reference links

      * Reference links