Perimeter network scenarios
|Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.|
A perimeter network (also known as a DMZ, demilitarized zone, and screened subnet) is a small network that is set up separately from an organization's private network and the Internet. The perimeter network allows external users access to the specific servers located in the perimeter network while preventing access to the internal corporate network. An organization may also allow very limited access from computers in the perimeter networks to computers in the internal network.
A perimeter network is commonly used for deploying the e-mail and Web servers for the company. The perimeter network can be set up in one of these configurations:
Back-to-back perimeter network configuration, with two Microsoft Internet Security and Acceleration (ISA) Server computers on either side of the perimeter network. For more information, see Back-to-back perimeter network configuration.
Three-homed ISA Server computer, with the perimeter network and the local network protected by the same ISA Server computer. For more information, see Three-homed perimeter network configuration.
For example, the perimeter network may include the company's Web server, so that Web content can be sent to the Internet. However, the perimeter network does not allow access to any other company data that may be available on computers in the local network. Even if an external user penetrates the perimeter network security, only the perimeter network servers are compromised.