I see what you are saying - but even with my admittedly limited firewall
knowledge, I am somewhat stunned to hear that definition - especially coming
from an O'Reilly book.  I personally have never seen a DMZ referenced as an
un-screened zone in any situation.

So what you are saying is that the DMZ is the subnet of the external
interface?

Cisco, Checkpoint, Sun, & various .gov's regard a DMZ as a screened subnet -
whether that of a 3rd interface, or a subnet residing between a pair of
redundant firewalls - but nothing that is completely exposed.

Which O'Reilly book is this quote from?  Perhaps I have some catching up to
do!

|  -----Original Message-----
|  From: geoffrey [mailto:[EMAIL PROTECTED]]
|  Sent: Sunday, February 06, 2000 2:27 AM
|  To: Micheal Espinola Jr
|  Cc: geoffrey; [EMAIL PROTECTED]
|  Subject: RE: NT Network Browsing
|
|
|  -----BEGIN PGP SIGNED MESSAGE-----
|  Hash: SHA1
|
|  On Sun, 6 Feb 2000, Micheal Espinola Jr wrote:
|
|  > OK - That being said, what is the difference?  I thought a DMZ was a
|  > screened subnet.
|
|  As I understand the term from the O'Reilly & Bellovin firewalls books, a
|  DMZ is all the systems which are set in the same address space as the
|  firewall; not hanging off of it from a third NIC. The third NIC subnet
|  allows for the firewall to afford some protection to these systems,
|  whereas my definition leaves the DMZ systems unprotected except for their
|  own methods. See what I mean?
|
|  geoffrey
|  +++++++++++++++++++++++++++++++++++
|
|  Two hundred ... forty dollars ...
|  worth of puddin'!  Aaah yeaaah!
|
|  ++++++++++++++++++++++++++++++++++
|  Key fingerprint ===> 3B5C 0F9E 4CE0 EEA7 980B  6F43 B342 23C8 EF21 48DF
|  Public key available upon request.
|
|  -----BEGIN PGP SIGNATURE-----
|  Version: PGP for Personal Privacy 5.0
|  Charset: noconv
|
|  iQA/AwUBOJ0iSbNCI8jvIUjfEQKhYgCdHoIuNelteodAwtRDpfmE2pfzlDYAoK0A
|  DRHXYF2yrBohTvl3EvxPp170
|  =Eenk
|  -----END PGP SIGNATURE-----
|
