Network - Common Network Architecture

The network architecture has a great influence over the security of the network. The placement of servers with respect to the firewall and various other computers can affect both network performance and security. There may even be areas of the network that are more secure than others. Some of these areas may be further protected with additional firewalls and other managed devices, ie routers and switches. A typical network is shown above.

The DMZ (DeMilitarised Zone) is typically a section where publicly visible servers are placed. It is generally wise to have this configuration in order to avoid excessive traffic on the internal network and, ABOVE ALL, lower security vulnerabilities. Systems placed within a DMZ generally have no rights to start communications to the internal network, however systems in the internal network are generally allowed to start communications to systems in the DMZ. This one-sided start of communications is a great security benefit from using DMZs. You can think of a DMZ as a part of your network that you only trust slightly more than the internet.

---