If you look at the most prominent DMZ in the world (Korea), you will see
that it is an area BETWEEN two enemies. There is no screening or other
protection between the DMZ and either Korea. Thus, it is not completely
unreasonable to define it like this:
net
|
|
router
|
|
DMZ
|
|
firewall
|
|
inside network
This does in fact qualify as "a network added
between a protected network and an external network, in order to provide an
additional layer of security", albeit some would argue it is a weak
qualification.
However, in my experience, *most* firewall people view this as the standard
architecture:
net
|
|
router
|
|
outside network
|
|
firewall >> DMZ
|
|
inside network
So, I propose that both are valid explanations / definitions of a DMZ.
Thus, when you ask a question about the DMZ, simply specify:
I'm using an Acme firewall-77 in the DMZ (third leg), and want to make it
do....
OR
I'm using an Acme firewall-77 in the DMZ ('tween net router and firewall),
and want to make it do....
And, yeah, if you have control of it or can convince your ISP to change it,
you add whatever helpful screening rules you can to the outside router. But
that's not always possible.
My two cents.
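As an added illustration (not part of the original message), here is one way the "third leg" architecture above maps onto a packet-filter policy, written as an nftables ruleset; the interface names, the DMZ host address 192.0.2.10 and the published ports are assumptions.

```nft
#!/usr/sbin/nft -f
# Assumed (hypothetical) interfaces: eth0 = outside (toward the router/net),
# eth1 = inside network, eth2 = DMZ (the firewall's third leg).
# Assumed published DMZ service: HTTP/HTTPS on 192.0.2.10 (documentation address).
flush ruleset

table inet fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies belonging to flows already permitted below
        ct state established,related accept
        ct state invalid drop

        # inside -> net and inside -> DMZ: the inside may originate connections
        iifname "eth1" oifname { "eth0", "eth2" } accept

        # net -> DMZ: only the published services, only new connections
        iifname "eth0" oifname "eth2" ip daddr 192.0.2.10 tcp dport { 80, 443 } ct state new accept

        # DMZ -> net: only what the DMZ hosts need outbound (DNS and NTP here)
        iifname "eth2" oifname "eth0" meta l4proto { tcp, udp } th dport 53 accept
        iifname "eth2" oifname "eth0" udp dport 123 accept

        # DMZ -> inside: nothing originates here. A DMZ host is screened from the
        # inside by this firewall; log the attempt, then drop it explicitly.
        iifname "eth2" oifname "eth1" log prefix "dmz-to-inside: " drop

        # net -> inside: no rule, so the chain's drop policy applies.
    }
}
```

In the other definition (DMZ sitting between the net router and the firewall) there is no equivalent net -> DMZ rule on the firewall; whatever screening DMZ hosts get must come from the router.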
-----Original Message-----
From: Gene Lee [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 07, 2000 12:13 PM
To: Ric Messier; Elizabeth Zwicky; 'geoffrey'; Micheal Espinola Jr
Cc: [EMAIL PROTECTED]
<<<SSNNIIPP>>