CCNA-Security-210-260-Identify Common Network Security Zones

AA NetSec
Identify common network security zones
Common Network Security Zones:
Security Zones are the building blocks for policies; they are logical entities to which one or more interfaces are bound. Security Zones provide a means of distinguishing groups of hosts (User Systems and other Hosts, such as Servers) and their resources from one another in order to apply different security measures to them.
In security zones, traffic from a high security level is permitted to go to a lower security level. Traffic from a low security level to a higher security level is denied unless an exception explicitly allows it.

Inside Zone:
This is the local LAN side of the firewall. It is typically assigned a high security level, 100, and is trusted. It is also called the Private and Trusted Zone.

Outside Zone:
This is the Internet or public network. It is typically assigned the lowest security level, 0, and is not trusted at all. It is also called the Public and Untrusted Zone.

DMZ:
The DMZ (De-Militarized Zone) is a portion of your network which, although under your control, is outside your heaviest security. Compared to the rest of your network, machines you place in the DMZ are less protected. This is a zone that has one foot in each camp: lower security for Internet-facing servers, proxies, etc. It is typically assigned a security level of 1-99.
Traffic from a “High” security level to a “Lower” security level is permitted. Traffic from a “Low” security level to a “Higher” security level is denied. Traffic between two interfaces of the same security level is dropped.
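
The default rules above, modeled as a small Python check (an added example, not part of the original description). The DMZ level 50, the second level-50 zone `partner`, the addresses and the tcp/443 exception are constructed for illustration.

```python
from dataclasses import dataclass

# Levels from the text: inside 100, outside 0, DMZ in 1-99.
# The DMZ value 50 and the second level-50 zone "partner" are constructed.
ZONES = {"inside": 100, "dmz": 50, "partner": 50, "outside": 0}

@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_host: str
    proto: str
    port: int

# Constructed exception: Internet clients may reach one DMZ web server on tcp/443.
EXCEPTIONS = {Flow("outside", "dmz", "192.0.2.10", "tcp", 443)}

def decide(flow, zones=ZONES, exceptions=EXCEPTIONS):
    """Return (verdict, reason) for a new connection between two zone interfaces."""
    src, dst = zones[flow.src_zone], zones[flow.dst_zone]
    if src == dst:
        return "drop", "same security level"
    if src > dst:
        return "permit", "high to low"
    if flow in exceptions:  # low to high needs an exact, explicit match
        return "permit", "explicit exception"
    return "deny", "low to high"

# Constructed sample flows, one per rule in the text.
SAMPLES = [
    Flow("inside", "outside", "203.0.113.5", "tcp", 443),
    Flow("inside", "dmz", "192.0.2.10", "tcp", 22),
    Flow("outside", "dmz", "192.0.2.10", "tcp", 443),
    Flow("outside", "dmz", "192.0.2.10", "tcp", 22),
    Flow("outside", "inside", "10.0.0.5", "tcp", 3389),
    Flow("dmz", "inside", "10.0.0.5", "tcp", 445),
    Flow("dmz", "partner", "198.51.100.7", "tcp", 80),
]

if __name__ == "__main__":
    for f in SAMPLES:
        verdict, reason = decide(f)
        print(f"{f.src_zone:>8} -> {f.dst_zone:<8} {f.proto}/{f.port:<5} {verdict:<6} ({reason})")
```

Only the exact flow listed as an exception crosses from low to high; the same server on tcp/22 is still denied, which is why exceptions should be written as narrowly as the service requires.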
Published 6 years ago, on 1397/05/03.
Viewed 3,641 times.