Copyright Goodheart-Willcox Co., Inc.
477 Chapter 15 Network Security

Demilitarized Zone (DMZ)

A demilitarized zone (DMZ) is an area of a network that permits access from a host located outside the local area network. Network administrators configure a firewall to allow Internet access to part of the network while restricting access to the private portion of the network. This configuration can be seen in Figure 15-21. The DMZ is the portion of the network that permits access from the Internet. A DMZ can be created with a router or a server with three network adapters installed. One network adapter is connected directly to the Internet, another is connected to the DMZ, and the other is connected to the private section of the network.

1.3, 4.6 NET

Figure 15-21 The DMZ is the portion of the network that permits access from the Internet. [Figure labels: File server, Application server, Firewall, DHCP server, Web server, E-mail server, Internet, Secure private network, DMZ. Credits: (server icons) fullvector/Shutterstock.com; Goodheart-Willcox Publisher]

Note
Cisco introduced the term zone-based policy to distinguish its new method of firewall protection in which it divides the network into zones and applies firewall policies to each zone.

2.3 NET

Unified Threat Management (UTM)

A very popular technology today is unified threat management (UTM). UTM combines several security technologies, allowing you to manage your firewall as well as a proxy server, IDS, or other functions. The combination of all of these in one package is very useful.

Layer 7 Firewall

While firewalls often work at lower layers of the OSI model, it is possible for them to work at other layers. These are often part of the next-generation firewalls (NGFW), which combine traditional firewall security with any number of other filtering functionalities.

Proxy Server

A proxy server is a firewall component that is typically installed on a server and resides between the Internet server and the LAN hosts.
It appears as a destination host
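The three-adapter DMZ layout described above, as an added example that is not from the textbook: a short Python audit that reads a first-match firewall rule list and reports allow rules that let Internet traffic into the private network. The zone names, the Rule fields, the any-port DMZ check and the sample ruleset are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Union

# Zone names are assumptions; one per network adapter in the layout above.
INTERNET, DMZ, PRIVATE = "internet", "dmz", "private"

@dataclass(frozen=True)
class Rule:
    src: str                # source zone, or "any"
    dst: str                # destination zone, or "any"
    port: Union[int, str]   # destination TCP port, or "any"
    action: str             # "allow" or "deny"

def _covers(rule_zone, zone):
    return rule_zone in ("any", zone)

def audit(rules):
    """Return (rule number, message) for allow rules that weaken the DMZ design.

    Rules are evaluated first-match, so an allow rule sitting behind an
    all-ports deny for the same zone pair is unreachable and not reported.
    """
    findings, denied = [], set()
    for n, r in enumerate(rules, 1):
        for src, dst in ((INTERNET, PRIVATE), (INTERNET, DMZ)):
            if not (_covers(r.src, src) and _covers(r.dst, dst)):
                continue
            if (src, dst) in denied:
                continue
            if r.action == "deny":
                if r.port == "any":
                    denied.add((src, dst))
            elif dst == PRIVATE:
                findings.append((n, "Internet traffic can reach the private network"))
            elif r.port == "any":
                # Assumed stricter policy: publish only named DMZ services.
                findings.append((n, "every DMZ port is open to the Internet"))
    return findings

# Constructed sample ruleset (not from the book), in first-match order.
SAMPLE = [
    Rule(INTERNET, DMZ, 443, "allow"),     # web server
    Rule(INTERNET, DMZ, 25, "allow"),      # e-mail server
    Rule(PRIVATE, "any", "any", "allow"),  # LAN hosts may initiate connections
    Rule("any", PRIVATE, 3389, "allow"),   # too broad: "any" includes the Internet
    Rule(INTERNET, "any", "any", "deny"),
    Rule(INTERNET, PRIVATE, 22, "allow"),  # unreachable behind the deny above
]

if __name__ == "__main__":
    for number, message in audit(SAMPLE):
        print(f"rule {number}: {message}")
```

Only all-ports deny rules are tracked as shadowing later rules; a port-specific deny ahead of an allow for the same port is not modelled.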