Lec 08 - Network Design Elements and Components


Demilitarized Zone: a DMZ is a perimeter network that separates the internal trusted LAN from untrusted networks. A DMZ can be logical or physical, and it is also known as a screened network. Firewalls are placed to protect the network. A perimeter router has three arms, connected to the public, private and DMZ networks. Public-facing websites are placed in the DMZ.


A Virtual LAN (VLAN) is a logical network created by grouping systems from one or more physical LANs. VLANs create an overlay network.

VLANs are created for functionality, not security: attacks on VLANs exist, and a VLAN by itself does not provide additional security.


In a nutshell, Network Address Translation (NAT) provides a one-to-one translation from one IP address to another.

In Port Address Translation (PAT) there is a many-to-one relationship. This is commonly used on a firewall when a corporation wants all IP addresses in its internal network to share a single public IP address.


Network Address Translation (NAT) occurs when one of the IP addresses in an IP packet header is changed. In a source NAT (SNAT), the destination IP address is maintained and the source IP address is changed. Most commonly, a SNAT allows a host on the "inside" of the NAT, in an RFC 1918 IP address space, to initiate a connection to a host on the "outside" of the NAT. A destination NAT (DNAT), by way of contrast, occurs when the destination address is changed and the source IP address is maintained. A DNAT allows a host on the "outside" to connect to a host on the "inside". In both cases, the NAT has to maintain a connection table which tells the NAT where to route returning packets. An important difference between a SNAT and a DNAT is that a SNAT allows multiple hosts on the "inside" to reach any host on the "outside", whereas a DNAT exposes only the specific inside host it is configured for.
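The PAT and SNAT/DNAT behaviour described above, simulated as an added example (this is illustrative code written for these notes, not part of the original lecture): outbound packets from RFC 1918 hosts are rewritten to one assumed public address with a per-connection port, the connection table routes return packets back inside, and a static DNAT rule is the only way an outside host reaches an inside host. All addresses and ports are constructed documentation values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

RFC1918 = tuple(ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Simulated NAT (constructed for illustration): SNAT/PAT out, connection table, DNAT in."""
    def __init__(self, public_ip, dnat_rules=None, first_port=40000):
        self.public_ip = public_ip
        self.dnat_rules = dnat_rules or {}  # public port -> (inside ip, inside port)
        self.next_port = first_port
        # connection table, kept in both directions so returning packets can be routed
        self.out_flows = {}  # (inside ip, port, outside ip, port) -> public port
        self.in_flows = {}   # (public port, outside ip, port) -> (inside ip, port)

    def _record(self, inside, outside, public_port):
        self.out_flows[inside + outside] = public_port
        self.in_flows[(public_port,) + outside] = inside

    def outbound(self, pkt):
        """SNAT: rewrite the source, keep the destination, record the flow."""
        if not any(ip_address(pkt.src) in net for net in RFC1918):
            raise ValueError("only RFC 1918 inside hosts are translated")
        inside, outside = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        port = self.out_flows.get(inside + outside)
        if port is None:  # new connection: allocate the next translated port
            port, self.next_port = self.next_port, self.next_port + 1
            self._record(inside, outside, port)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return traffic follows the connection table; otherwise only a DNAT rule admits it."""
        if pkt.dst != self.public_ip:
            return None
        outside = (pkt.src, pkt.sport)
        inside = self.in_flows.get((pkt.dport,) + outside)
        if inside is None and pkt.dport in self.dnat_rules:  # DNAT: rewrite dst, keep src
            inside = self.dnat_rules[pkt.dport]
            self._record(inside, outside, pkt.dport)  # so the inside host's reply maps back
        if inside is None:
            return None  # unsolicited inbound packet with no table entry: dropped
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])
```

Two inside hosts talking to the same outside server get distinct translated ports, which is what lets the many-to-one mapping be reversed for return traffic.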


Network Admission Control (NAC) is used to forbid unauthorized access to the trusted network. It is part of a defense-in-depth (layered security) strategy.

