On Saturday 06 April 2002 21:56, you wrote:
> Someone's forging your mail then:
>
> Message-ID: <010301c1dcf0$1bf55810$[EMAIL PROTECTED]>
> Date: Fri, 5 Apr 2002 17:20:35 -0500
> From: Laura A. Robinson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Basic DMZ Setup Questions...
>
> > I think that the term DMZ (de-militarized zone which is also called
> > no-man's land) loses its useful meaning if it is used for a segment on
> > the inside of a firewall. I know that it is commonly used for a
> > semi-protected segment on the third NIC of a firewall.
>
> Okay, I think that perhaps there is misunderstanding as to what my
> *extremely* simple statement meant, due in no small part to its constant
> intentional misinterpretation on the part of another. *This* is what I was
> describing:
>
> Internet-----Firewall-----DMZ-----Firewall-----<[see below]
>
>
> Paul

On page 58 of Chapman and Zwicky's Nov95 edition of "Building Internet 
Firewalls," the authors define:

        <i>Perimeter Network</i>
        A network added between a protected network and an external network, in
        order to provide an additional layer of security.  A Perimeter network
        is sometimes called a DMZ, which stands for <i>De-Militarized Zone</i>
        (named after the zone separating North and South Korea).

In other words, the topology described by Robinson above:

        Internet-----Firewall-----DMZ-----Firewall-----[private network]

properly illustrates the DMZ.  The basic notion that there are two
firewalls to penetrate to get to the private network illustrates the
DMZ notion.  The network topology that Robertson ascribes to "DMZ" is
what Chapman and Zwicky describe as a "merged interior and exterior
router".  Check out the diagram on page 73 of "Building Internet Firewalls"
for more details.  The obvious weakness with this architecture is that only
one router needs to be compromised to gain access to two networks (one
that presumably has the company jewels in it).

I would suggest to anyone that has followed this sometimes inflammatory
thread that they read Chapman and Zwicky's Chapter 4 entirely.  It provides a 
fine context to sort through some of the posts made on this list.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
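
Added example, not part of the original message or of Chapman and Zwicky's book: a small model of the two architectures compared above, counting how many filtering devices must be compromised before each network is exposed. The device names and the assumption that a compromised device exposes every network attached to it are illustrative.

```python
import heapq

# Constructed topologies: each filtering device maps to the networks it joins.
# Device names are hypothetical labels, not taken from the thread.
SCREENED_SUBNET = {
    "exterior_fw": {"internet", "dmz"},
    "interior_fw": {"dmz", "private"},
}
MERGED_ROUTER = {
    "merged_fw": {"internet", "dmz", "private"},
}

def devices_to_breach(topology, source="internet"):
    """Return {network: fewest devices that must fall before it is exposed}."""
    cost = {source: 0}
    heap = [(0, source)]
    while heap:
        c, net = heapq.heappop(heap)
        if c > cost.get(net, float("inf")):
            continue  # stale queue entry
        for device, nets in topology.items():
            if net not in nets:
                continue
            # Assumption: one compromised device exposes all networks it joins.
            for other in nets:
                if c + 1 < cost.get(other, float("inf")):
                    cost[other] = c + 1
                    heapq.heappush(heap, (c + 1, other))
    return cost

def exposed_by_single_compromise(topology, source="internet"):
    """Networks exposed once exactly one device has been compromised."""
    cost = devices_to_breach(topology, source)
    return sorted(n for n, c in cost.items() if c == 1)

if __name__ == "__main__":
    for name, topo in (("screened subnet", SCREENED_SUBNET),
                       ("merged router", MERGED_ROUTER)):
        print(name, devices_to_breach(topo), exposed_by_single_compromise(topo))
```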