As *I* understand it from the O'Reilly firewall book, "DMZ"
is another name for "screened subnet". I don't know of
any term for what you're describing as a DMZ, but it
sounds like a bad idea to me. The definition
of "perimeter network" on page 58 is quite explicit about this,
I think.
Elizabeth Zwicky
[EMAIL PROTECTED]
> -----Original Message-----
> From: geoffrey [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, February 05, 2000 11:27 PM
> To: Micheal Espinola Jr
> Cc: geoffrey; [EMAIL PROTECTED]
> Subject: RE: NT Network Browsing
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sun, 6 Feb 2000, Micheal Espinola Jr wrote:
>
> > OK - That being said, what is the difference? I thought a DMZ was a
> > screened subnet.
>
> As I understand the term from the O'Reilly & Bellovin
> firewalls books, a
> DMZ is all the systems which are set in the same address space as the
> firewall; not hanging off of it from a third NIC. The third NIC subnet
> allows for the firewall to afford some protection to these systems,
> whereas my definition leaves the DMZ systems unprotected
> except for there
> own methods. See what I mean?
>
> geoffrey
> +++++++++++++++++++++++++++++++++++
>
> Two hundred ... forty dollars ...
> worth of puddin'! Aaah yeaaah!
>
> ++++++++++++++++++++++++++++++++++
> Key fingerprint ===> 3B5C 0F9E 4CE0 EEA7 980B 6F43 B342 23C8
> EF21 48DF
> Public key available upon request.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP for Personal Privacy 5.0
> Charset: noconv
>
> iQA/AwUBOJ0iSbNCI8jvIUjfEQKhYgCdHoIuNelteodAwtRDpfmE2pfzlDYAoK0A
> DRHXYF2yrBohTvl3EvxPp170
> =Eenk
> -----END PGP SIGNATURE-----
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
