tailieunhanh - CompTIA Network+ Certification Study Guide part 43

CompTIA’s Network+ certification Study Guide part 43 is a globally recognized, vendor-neutral exam that has helped over 235,000 IT professionals reach further and higher in their careers. The 2009 Network+ exam (N10-004) is a major update with more focus on security and wireless aspects of networking. Our new study guide has been updated accordingly with focus on network, systems, and WAN security and complete coverage of today’s wireless networking standards.

CHAPTER 9 Security Standards and Services (section: Security Zones)

[Figure: The Complex N-Tier Arrangement. Labels: IIS Servers, COM Servers, SQL Servers]

that house a Structured Query Language (SQL) 2005 database. Figure provides an example of this concept.

DMZs

In computer security, a DMZ is a neutral network segment where systems accessible to the public Internet are housed, which offers some basic levels of protection against attacks. The term DMZ is derived from the military and is used to describe a safe or buffer area between two countries where, by mutual agreement, no troops or war-making activities are allowed. In the following sections, we will explore this concept in more detail.

DMZ Design

There are usually strict rules regarding what is allowed within a zone. When you are applying this term to the IT security realm, it can be used to create DMZ segments in usually one of two ways:

Layered DMZ implementation
Multiple interface firewall implementation

In the first method, the systems that require protection are placed between two firewall devices with different rule sets, which allow systems on the Internet to connect to the offered services on the DMZ systems but prevent them from connecting to the computers on the internal segments of the organization's network (often called the protected network).

The second method is to add a third interface to the firewall and place the DMZ systems on that network segment (see Figure). As an example, this is the way Cisco PIX firewalls are designed. This design allows the same firewall to manage the traffic between the Internet, the DMZ, and the protected network. Using one firewall instead of two lowers the costs of the hardware and centralizes the rule sets for the network, making it easier to manage and troubleshoot problems. Currently, this multiple interface design is a common method for creating a DMZ segment.

[Figure: A Multiple Interface Firewall DMZ Implementation]

In either case the DMZ systems are offered some level of .
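The property described under DMZ Design (Internet hosts may reach the services offered in the DMZ, but never the protected network) can be checked mechanically against a firewall policy. The Python below is an added example, not taken from the study guide: it models the multiple interface design with first-match rules and default deny, and the zone labels, rule format and both sample policies are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Zone labels for the three firewall interfaces (assumed names).
INTERNET, DMZ, INTERNAL = "internet", "dmz", "internal"

@dataclass(frozen=True)
class Rule:
    src: str              # source zone
    dst: str              # destination zone
    port: Optional[int]   # destination TCP port; None matches any port
    allow: bool

def decide(policy, src, dst, port):
    """First matching rule wins; unmatched traffic is denied."""
    for r in policy:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.allow
    return False

def reachable_ports(policy, src, dst):
    """Every TCP port the policy actually lets through from src to dst."""
    return [p for p in range(1, 65536) if decide(policy, src, dst, p)]

def audit(policy, offered_services):
    """Check the DMZ property: the Internet reaches only the offered
    DMZ services and nothing on the protected network."""
    findings = []
    if reachable_ports(policy, INTERNET, INTERNAL):
        findings.append("internet can reach the protected network")
    extra = set(reachable_ports(policy, INTERNET, DMZ)) - set(offered_services)
    if extra:
        findings.append(f"{len(extra)} unoffered DMZ ports exposed")
    return findings

# Constructed sample policies, not taken from the study guide.
GOOD = [Rule(INTERNET, DMZ, 80, True), Rule(INTERNET, DMZ, 443, True),
        Rule(INTERNAL, DMZ, None, True), Rule(INTERNAL, INTERNET, None, True)]
# Same policy with a leftover troubleshooting rule ahead of the deny,
# plus an any-port allow into the DMZ.
WEAK = [Rule(INTERNET, INTERNAL, 3389, True),
        Rule(INTERNET, INTERNAL, None, False),
        Rule(INTERNET, DMZ, None, True)] + GOOD

if __name__ == "__main__":
    for name, policy in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit(policy, offered_services=[80, 443]) or "ok")
```

Because the audit evaluates the policy port by port rather than scanning for allow rules, it catches an allow that sits ahead of a later deny, which is the ordering mistake a centralized rule set makes easy to introduce.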
