TCP/IP is the suite of communication protocols used for communication between computers on the Internet.
TCP/IP stands for Transmission Control Protocol / Internet Protocol.
TCP/IP defines how electronic devices (such as computers) are connected to the Internet, and
how data is transmitted between them.
Inside the TCP/IP standard there are several protocols for handling data communication.
The TCP/IP model arranges them in four layers: the Link Layer, the Internet Layer,
the Transport Layer, and the Application Layer. Each layer wraps the data of the layer above it in its own header, so a frame on the wire carries a link-layer header, then an IP header, then a transport header, then the application data.
Routers
When an IP packet is sent from a computer, it arrives at an IP router.
The router is responsible for "routing" the packet toward the correct destination, either directly or via
another router.
The path one packet follows may differ from that of other packets in the same communication.
The router chooses the next hop from its routing table (the most specific matching route wins), and that table can
change with traffic volume, errors in the network, or other parameters.
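As an added example (not from the original page), here is a minimal IPv4 router model that does what the paragraph describes: it looks up the destination with longest-prefix match, decrements the TTL, and forwards either to a next-hop router or directly onto a connected interface. The prefixes, next-hop addresses and interface names are constructed for illustration.

```python
import ipaddress

# Added example, not from the original page. Routing entries are constructed.


class Router:
    def __init__(self, name: str):
        self.name = name
        self.routes = []   # (network, next_hop or None if directly connected, interface)

    def add_route(self, prefix: str, next_hop, iface: str):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst: str):
        """Longest-prefix match: the most specific route wins regardless of table order."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, nh, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh, iface)
        return best

    def forward(self, packet: dict):
        """Return (next_hop_ip, iface) after decrementing TTL, or ("drop", reason)."""
        if packet["ttl"] <= 1:
            return ("drop", "ttl exceeded")      # a real router would send ICMP Time Exceeded
        route = self.lookup(packet["dst"])
        if route is None:
            return ("drop", "no route")          # ICMP Destination Unreachable
        packet["ttl"] -= 1
        net, nh, iface = route
        # Directly connected destination: deliver to the host itself, otherwise to the next router
        return (nh if nh is not None else packet["dst"], iface)


def example_router() -> Router:
    r = Router("edge-1")
    r.add_route("0.0.0.0/0", "203.0.113.1", "eth0")    # default route to the upstream provider
    r.add_route("10.0.0.0/8", "10.0.0.2", "eth1")      # corporate aggregate via the core router
    r.add_route("10.1.0.0/16", "10.0.0.3", "eth1")     # branch aggregate via the branch router
    r.add_route("10.1.2.0/24", None, "eth2")           # directly connected LAN
    return r


if __name__ == "__main__":
    r = example_router()
    for dst in ("10.1.2.7", "10.1.9.9", "10.5.0.1", "8.8.8.8"):
        print(dst, "->", r.forward({"dst": dst, "ttl": 64}))
    print("ttl=1 ->", r.forward({"dst": "8.8.8.8", "ttl": 1}))
```

Note that 10.1.2.7 matches three of the four routes; the /24 wins because it is the most specific, not because of where it sits in the table.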
Generally, any service that is provided to users from an external network can be
placed in the DMZ. The most common of these services are web servers, mail servers,
FTP servers, VoIP servers and DNS servers. In some situations, additional steps need
to be taken to provide these services securely.
Web servers
Web servers may need to communicate with an internal database to provide some
specialized services. Since the database server is not publicly accessible and may
contain sensitive information, it should not be in the DMZ. Generally, it is not a good idea
to allow the web server to communicate directly with the internal database server.
Instead, an application firewall can be used to mediate the communication
between the web server and the database server. This is more complicated, but
adds another layer of security. Whatever path is used, the database account the web server
connects with should have only the privileges it needs, so that a compromised web server cannot read or modify more than it must.
E-mail servers
Because of the confidential nature of e-mail, storing mailboxes in the DMZ is a poor idea, and it is
also a poor idea to store the user database there. Instead, e-mail should be stored on an
internal e-mail server placed in a protected segment behind the DMZ (an area that cannot be
accessed from the Internet, but can be accessed from the mail server in the DMZ). Some people
place the internal e-mail server on the general user LAN, which is not good practice, because it
does not allow for the best performance. It can also be a security problem: although that
configuration is shielded from external attacks, it is not protected
from internal attacks (for example, traffic on the LAN could be sniffed or spoofed).
The mail server inside the DMZ should pass incoming mail to the secured/internal mail
server, and the internal server should pass outgoing mail back to the DMZ mail server, which delivers it to external mail servers.
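The web server and e-mail server sections above both describe the same pattern: the Internet may reach only the DMZ host, and a DMZ host may reach the internal zone only through one designated path. As an added example (not from the original page), the following first-match, default-deny zone policy encodes both cases and includes an audit function that flags the shortcut the text warns against (a DMZ web server talking straight to the internal database). The addresses, host names, ports and the "sanctioned pairs" list are constructed assumptions, not part of the original.

```python
import ipaddress
from typing import List, NamedTuple

# Added example, not from the original page. Addressing plan, host names,
# ports and the sanctioned-pair list are constructed assumptions.

ZONES = {
    "dmz":      ipaddress.ip_network("203.0.113.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
}
HOSTS = {
    "web":           "203.0.113.10",   # DMZ web server
    "mail-relay":    "203.0.113.25",   # DMZ mail server
    "app-fw":        "10.0.1.5",       # application firewall brokering web -> database
    "db":            "10.0.1.10",      # internal database server
    "mail-internal": "10.0.1.25",      # internal mail store / user database
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"   # anything outside a known zone is the outside world


class Rule(NamedTuple):
    src: str      # host name from HOSTS, or a zone name
    dst: str
    dport: int
    action: str   # "allow" or "deny"


def selector_matches(sel: str, ip: str) -> bool:
    if sel in HOSTS:
        return HOSTS[sel] == ip
    return zone_of(ip) == sel


POLICY: List[Rule] = [
    Rule("internet",      "web",           443, "allow"),  # public HTTPS
    Rule("internet",      "mail-relay",     25, "allow"),  # inbound SMTP reaches the relay only
    Rule("web",           "app-fw",       8443, "allow"),  # web server talks to the broker...
    Rule("app-fw",        "db",           5432, "allow"),  # ...and only the broker talks to the database
    Rule("mail-relay",    "mail-internal",  25, "allow"),  # relay hands inbound mail to the internal store
    Rule("mail-internal", "mail-relay",     25, "allow"),  # internal store hands outbound mail to the relay
]
# Everything else, including internet -> internal and web -> db, falls through to deny.


def decide(policy: List[Rule], src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching rule wins; no match means deny."""
    for r in policy:
        if selector_matches(r.src, src_ip) and selector_matches(r.dst, dst_ip) and r.dport == dport:
            return r.action
    return "deny"


# The only DMZ -> internal initiations the design permits.
SANCTIONED = {("web", "app-fw"), ("mail-relay", "mail-internal")}


def audit(policy: List[Rule]) -> List[Rule]:
    """Flag allow rules that expose the internal zone directly: any internet -> internal
    rule, and any dmz -> internal rule that is not one of the sanctioned broker pairs."""
    findings = []
    for r in policy:
        if r.action != "allow":
            continue
        src_zone = zone_of(HOSTS[r.src]) if r.src in HOSTS else r.src
        dst_zone = zone_of(HOSTS[r.dst]) if r.dst in HOSTS else r.dst
        if dst_zone != "internal":
            continue
        if src_zone == "internet" or (src_zone == "dmz" and (r.src, r.dst) not in SANCTIONED):
            findings.append(r)
    return findings


# The shortcut the text warns against: the web server reaching the database directly.
WEAK_POLICY = POLICY + [Rule("web", "db", 5432, "allow")]

if __name__ == "__main__":
    print("internet -> web:443  ", decide(POLICY, "198.51.100.7", HOSTS["web"], 443))
    print("internet -> db:5432  ", decide(POLICY, "198.51.100.7", HOSTS["db"], 5432))
    print("web -> db:5432       ", decide(POLICY, HOSTS["web"], HOSTS["db"], 5432))
    print("audit of WEAK_POLICY:", audit(WEAK_POLICY))
```

The audit is deliberately written against the intended design (the sanctioned pairs) rather than against the rules themselves, which is what catches a rule that is syntactically fine but bypasses the application firewall.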
A virtual private network (VPN) is a private communications network often used within a
company, or by several different companies or organizations, to communicate confidentially over
a publicly accessible network. VPN message traffic can be carried over a public networking
infrastructure (e.g. the Internet) on top of standard protocols, or over a service provider's private
network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN
service provider.
Site-to-Site VPN
Through the use of dedicated equipment and strong encryption, a company can
connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs
can be one of two types:
• Intranet-based - If a company has one or more remote locations that they
wish to join in a single private network, they can create an intranet VPN to
connect LAN to LAN.
• Extranet-based - When a company has a close relationship with another
company (for example, a partner, supplier or customer), they can build an extranet
VPN that connects LAN to LAN, and that allows all of the various companies to work
in a shared environment.