I have to explain how a DMZ works. My general understanding is that a DMZ contains devices that generally need to provide external services such as email, web servers, etc. Any external users trying to access the internal network should only ever have access to the DMZ zone, and any hackers/attackers should only ever be able to compromise the items that are in the DMZ. The DMZ is sometimes protected by a firewall, but the internal protected LAN should always be protected by a firewall.
I would think that the general idea is that you have the following setup:
INTERNET COMING IN-----> ROUTER -------> FIREWALL ------> DMZ -----> FIREWALL -----> INTERNAL PROTECTED LAN
So the idea is that you have the internet coming in and connected to a simple router that routes the incoming traffic to the firewall. The first firewall is the first level of protection and allows people/users to access the DMZ. Anybody wishing to get further into the network needs to get through the second firewall, which has more restrictions in place, to get to the internal network.
Am I on the correct lines with this?
If not, can someone clarify how it works to me, as I need to explain in detail the best setup for a DMZ and why I think it is the best setup, with references (for a university task).
Thanks in advance and I look forward to hearing your replies!
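
The two-firewall layout described in the question above, modelled as an added example that is not part of the original post: a flow is permitted only if every firewall between its source and destination zones allows it. The addressing plan, ports and both rule sets are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the post).
ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
         "lan": ipaddress.ip_network("10.0.0.0/24")}
ORDER = ["internet", "dmz", "lan"]   # outside to inside, as in the diagram

# Rule = (src_zone, dst_zone, dst_port, action). First match wins; no match = deny.
# Both rule sets are illustrative assumptions.
OUTER_FW = [
    ("internet", "dmz", 25, "allow"),    # inbound mail to the DMZ relay
    ("internet", "dmz", 443, "allow"),   # inbound HTTPS to the DMZ web server
    ("lan", "internet", 443, "allow"),   # outbound web from the LAN
]
INNER_FW = [
    ("dmz", "lan", 5432, "allow"),       # DMZ web server to one internal database port
    ("lan", "dmz", 22, "allow"),         # administration of DMZ hosts from the LAN
    ("lan", "internet", 443, "allow"),
]
# FIREWALLS[k] sits between ORDER[k] and ORDER[k + 1].
FIREWALLS = [("outer", OUTER_FW), ("inner", INNER_FW)]

def zone_of(ip):
    """Map an address to its zone; anything outside the known subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

def evaluate(rules, src, dst, port):
    """First-match evaluation of one firewall's rule list with default deny."""
    for r_src, r_dst, r_port, action in rules:
        if (r_src, r_dst) == (src, dst) and r_port == port:
            return action
    return "deny"

def decide(src_ip, dst_ip, port):
    """Walk every firewall between the two zones, in the order the packet meets them."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    i, j = ORDER.index(src), ORDER.index(dst)
    # Same-zone traffic crosses no firewall, so the hop list is empty.
    hops = range(i, j) if i < j else range(i - 1, j - 1, -1)
    for k in hops:
        name, rules = FIREWALLS[k]
        if evaluate(rules, src, dst, port) != "allow":
            return "deny at " + name
    return "allow"
```

The case to note is a DMZ host reaching into the LAN: it never crosses the outer firewall, so the inner rule set alone decides what a compromised DMZ server can touch.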