On 23 Aug 99, at 19:02, Pazhamalai wrote:

> Hi -
> 
>       I often hear a jargon DMZ in the mailing list. I understand this concept is
> relating to three ethernet cards concept in a firewall design. Can someone
> provide more details or URL to get more clarity on this.
> 
>       Regrets if this is a simple and straight forward question...
> 
> regards/Jpmalai

  Between North and South Korea, there is an area created by the ceasefire 
agreement called the De-Militarized Zone, a buffer area which keeps the 
troops on the two sides from accidentally running into each other and 
starting to shoot.  "DMZ" is an abbreviation of this name.

  In the firewall sense, better terms from castle architecture might be Outer 
"Bailey" or "Ward".  It's the space between an outer and an inner defensive 
perimeter.

  Everything inside the inner perimeter is trusted; everything outside the 
outer perimeter may be hostile.  The zone between contains machines which are 
friendly and, as much as possible, defended -- but not trusted.  The DMZ is 
the place for machines that must host services visible to the outside world, 
and may thus be subjected to attack; the inner perimeter surrounds machines 
which will not be exposed if a host in the DMZ is compromised.

  There has occasionally been some debate about whether a third NIC provides 
a "true" DMZ, or whether you can only legitimately use the term when you have 
two firewalls, an inner and an outer.  I like to define it in terms of inner 
and outer security perimeters, and leave open the possibility that these 
could be implemented as separate interfaces off a single box.


David G
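The single-box, three-interface design discussed above, as an added example that is not part of the original thread: a small policy model with one outer perimeter (outside/DMZ) and one inner perimeter (DMZ/inside), where new connections are allowed only across the perimeters in the directions the trust model permits, and nothing may be initiated from the DMZ toward the inside. The interface names, the published ports and the Linux/iptables rendering are assumptions for illustration, not from the post.

```python
"""Model of a three-NIC firewall with an inner and an outer perimeter.

Added illustration (not from the original mailing-list post).  Interface names,
ports and the iptables rendering are hypothetical.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed interface-to-zone mapping on the single firewall box.
ZONES = {"eth0": "outside", "eth1": "dmz", "eth2": "inside"}


@dataclass(frozen=True)
class Rule:
    src: str                      # zone a new connection comes from
    dst: str                      # zone it is going to
    ports: Optional[frozenset]    # allowed destination ports, None = any
    proto: str = "tcp"


# Who may *initiate* connections across the two perimeters.  First match wins;
# anything unmatched is dropped.  Note there is deliberately no dmz -> inside
# rule: a compromised DMZ host must not be able to cross the inner perimeter.
POLICY = [
    Rule("outside", "dmz", frozenset({80, 443})),        # published services only
    Rule("inside", "dmz", frozenset({80, 443, 22})),     # admins manage DMZ hosts
    Rule("inside", "outside", None),                     # trusted users reach the Internet
    Rule("dmz", "outside", frozenset({53}), "udp"),      # DMZ hosts may only resolve names
]


def decide(in_if: str, out_if: str, dst_port: int, proto: str = "tcp") -> str:
    """Return ACCEPT or DROP for a *new* connection entering on in_if, leaving on out_if."""
    src, dst = ZONES[in_if], ZONES[out_if]
    if src == dst:
        return "DROP"   # the firewall does not hairpin traffic inside one zone
    for r in POLICY:
        if r.src == src and r.dst == dst and r.proto == proto \
                and (r.ports is None or dst_port in r.ports):
            return "ACCEPT"
    return "DROP"


def iptables_script() -> list:
    """Render POLICY as iptables FORWARD-chain commands (assumed Linux box, stateful)."""
    ifs = {zone: iface for iface, zone in ZONES.items()}
    lines = [
        "iptables -P FORWARD DROP",
        # replies to already-permitted connections flow back in either direction
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for r in POLICY:
        base = "iptables -A FORWARD -i %s -o %s" % (ifs[r.src], ifs[r.dst])
        if r.ports is None:
            lines.append("%s -m conntrack --ctstate NEW -j ACCEPT" % base)
        else:
            for p in sorted(r.ports):
                lines.append("%s -p %s --dport %d -m conntrack --ctstate NEW -j ACCEPT"
                             % (base, r.proto, p))
    return lines


if __name__ == "__main__":
    # Constructed sample flows: the interesting one is the DMZ host trying to
    # reach the inside, which must be dropped even on a port the admins use.
    for flow in [("eth0", "eth1", 443), ("eth0", "eth2", 443),
                 ("eth1", "eth2", 22), ("eth2", "eth1", 22)]:
        print(flow, decide(*flow))
    print("\n".join(iptables_script()))
```

The point the model makes explicit is the asymmetry: traffic crosses the outer perimeter inbound only to published DMZ ports, crosses the inner perimeter only when initiated from the inside, and a DMZ host gets no path inward at all. Whether the two perimeters are two boxes or two interfaces on one box, it is these direction rules, not the NIC count, that make the zone a DMZ.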