Write down the IP address of a Windows host on your network. For this example, we

Defining Network Infrastructures and Network Security | 175

CERTIFICATION READY: How would you define a DMZ? 1.1

firewall, then this will be the device that is scanned. If your computer connects directly to the Internet, then the computer will be scanned.

6. Make note of the results. It should show the public IP that was scanned. Then it will list the ports that were scanned and their status. The desired result for all ports listed is “Stealth,” all the way down the line for each of the listed ports. If there are Open or Closed ports, you should check to make sure that the firewall is enabled and operating properly.

7. Try a few other scans, such as All Service Ports or File Sharing.

A proxy server acts as an intermediary between a LAN and the Internet. By definition, proxy means “go-between,” acting as such a mediator between a private and a public network. The proxy server evaluates requests from clients, and if they meet certain criteria, forwards them to the appropriate server. There are several types of proxies, including the following:

• Caching proxy: attempts to serve client requests without actually contacting the remote server. Although there are FTP and SMTP proxies among others, the most common caching proxy is the HTTP proxy, also known as a web proxy, which caches web pages from servers on the Internet for a set amount of time. This is done to save bandwidth on the company’s Internet connection and to increase the speed at which client requests are carried out.

• IP proxy: secures a network by keeping the machines behind it anonymous; it does this through the use of NAT. For example, a basic four-port router will act as an IP proxy for the clients on the LAN it protects.

Another example of a proxy in action is Internet content filtering. An Internet content filter, or simply a content filter, is usually applied as software at the application layer, and it can filter out various types of Internet activities, such as access to certain Web sites, email, instant messaging, and so on.

Although firewalls are often the device closest to the Internet, sometimes another device could be in front of the firewall, making it the closest to the Internet—a network intrusion detection system, or perhaps a more advanced network intrusion prevention system. A network intrusion detection system (NIDS) is a type of IDS that attempts to detect malicious network activities (e.g., port scans and DoS attacks) by constantly monitoring network traffic. The NIDS will then report any issues that it finds to a network administrator, as long as it is configured properly.

A network intrusion prevention system (NIPS) is designed to inspect traffic and, based on its configuration or security policy, it can remove, detain, or redirect malicious traffic in addition to simply detecting it.

Redefining the DMZ

A perimeter network or demilitarized zone (DMZ) is a small network that is set up separately from a company’s private local area network and the Internet. It is called a perimeter network because it is usually on the edge of a LAN, but DMZ has become a much more popular term. A DMZ allows users outside a company LAN to access specific services located on the DMZ. However, when the DMZ is set up properly, those users are blocked from gaining access to the company LAN. Users on the LAN quite often connect to the DMZ as well, but without having to worry about outside attackers gaining access to their private LAN. The DMZ might house a switch with servers connected to it that offer web, email, and other services. Two common DMZ configurations are as follows:

• Back-to-back configuration: This configuration has a DMZ situated between two firewall devices, which could be black box appliances or Microsoft Internet Security and Acceleration (ISA) Servers.
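The back-to-back configuration above, modelled as two default-deny packet filters in an added Python example (not code from the book; the address ranges, hosts and rules are constructed assumptions): only the listed services are reachable from the Internet, LAN users can reach the DMZ, and nothing that originates in the DMZ or on the Internet can reach the LAN.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not from the text); the Internet is
# everything that falls outside these two networks.
ZONES = {"lan": ip_network("10.0.0.0/24"), "dmz": ip_network("192.0.2.0/24")}
DMZ_WEB, DMZ_MAIL = "192.0.2.10", "192.0.2.25"

# Traffic flows Internet <-> DMZ <-> LAN; a firewall sits at each "<->".
ORDER = ["internet", "dmz", "lan"]

# Each rule is (source zone, destination host or zone, TCP port) and means
# "allow". Anything that matches no rule is dropped (default deny). Reply
# packets are assumed to be handled by stateful inspection, so only the
# initiating direction is listed.
EXTERNAL_FW = [  # between the Internet and the DMZ
    ("internet", DMZ_WEB, 80),
    ("internet", DMZ_WEB, 443),
    ("internet", DMZ_MAIL, 25),
]
INTERNAL_FW = [  # between the DMZ and the LAN: no rule lets the DMZ initiate
    ("lan", "dmz", 80),
    ("lan", "dmz", 443),
    ("lan", DMZ_MAIL, 25),
]
FIREWALLS = [EXTERNAL_FW, INTERNAL_FW]  # FIREWALLS[i] sits between ORDER[i] and ORDER[i+1]


def zone_of(ip):
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def permits(rules, src_zone, dst, port):
    """Does one firewall's rule set explicitly allow this connection?"""
    dst_zone = zone_of(dst)
    return any(s == src_zone and d in (dst, dst_zone) and p == port
               for s, d, p in rules)


def allowed(src, dst, port):
    """A connection succeeds only if every firewall on its path allows it.
    Traffic that stays inside one zone crosses no firewall at all."""
    src_zone = zone_of(src)
    a, b = ORDER.index(src_zone), ORDER.index(zone_of(dst))
    lo, hi = sorted((a, b))
    return all(permits(FIREWALLS[i], src_zone, dst, port) for i in range(lo, hi))
```

Because an Internet-to-LAN connection must pass both filters, it is dropped by the external firewall before the internal one is even consulted; a compromised DMZ host is likewise stopped at the internal firewall.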