A DMZ is a DMZ. It's a common practice of hanging your external servers
behind the router but in front of your firewall. It keeps your internal
network protected without having to deal with poking holes in your firewall
to get your external servers exposed for the services they offer.
It's a tried and true practice. I don't much care what a book has to say
about it (O'Reilly or otherwise) because I've seen it implemented on several
networks I've worked on and I've implemented it myself. Tastes great, less
filling.
Ric
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of Elizabeth Zwicky
> Sent: Monday, February 07, 2000 11:06 AM
> To: 'geoffrey'; Micheal Espinola Jr
> Cc: [EMAIL PROTECTED]
> Subject: RE: NT Network Browsing
>
>
>
> As *I* understand it from the O'Reilly firewall book, "DMZ"
> is another name for "screened subnet". I don't know of
> any term for what you're describing as a DMZ, but it
> sounds like a bad idea to me. The definition
> of "perimeter network" on page 58 is quite explicit about this,
> I think.
>
> Elizabeth Zwicky
> [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: geoffrey [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, February 05, 2000 11:27 PM
> > To: Micheal Espinola Jr
> > Cc: geoffrey; [EMAIL PROTECTED]
> > Subject: RE: NT Network Browsing
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Sun, 6 Feb 2000, Micheal Espinola Jr wrote:
> >
> > > OK - That being said, what is the difference? I thought a DMZ was a
> > > screened subnet.
> >
> > As I understand the term from the O'Reilly & Bellovin firewalls books, a
> > DMZ is all the systems which are set in the same address space as the
> > firewall; not hanging off of it from a third NIC. The third NIC subnet
> > allows for the firewall to afford some protection to these systems,
> > whereas my definition leaves the DMZ systems unprotected except for their
> > own methods. See what I mean?
> >
> > geoffrey
> > +++++++++++++++++++++++++++++++++++
> >
> > Two hundred ... forty dollars ...
> > worth of puddin'! Aaah yeaaah!
> >
> > ++++++++++++++++++++++++++++++++++
> > Key fingerprint ===> 3B5C 0F9E 4CE0 EEA7 980B 6F43 B342 23C8
> > EF21 48DF
> > Public key available upon request.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP for Personal Privacy 5.0
> > Charset: noconv
> >
> > iQA/AwUBOJ0iSbNCI8jvIUjfEQKhYgCdHoIuNelteodAwtRDpfmE2pfzlDYAoK0A
> > DRHXYF2yrBohTvl3EvxPp170
> > =Eenk
> > -----END PGP SIGNATURE-----
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >