At August 10, 2005 16:26, concerning "Mainframe in the DMZ", Ted 
MacNeil <[EMAIL PROTECTED]> wrote:  

> >     Firewall
> Well! Why didn't they say so? I know what that is! 

Actually, it's more than that.  The concept is part of "Structured 
Networks" that made the rounds sometime before Y2k.  (I think we 
started ours 'bout '97 or so.)  It's where you keep hearing 'bout the 
"Trusted zone", the "Common zone", and the "DMZ".  (I suspect the 
latter was specifically adopted because of the networking mentality 
at the time that felt they were - and, mostly, still are - at war 
with virus and spam attacks.)  

We schmucks inhabit the Common zone also broadly labelled "the 
intERnet" while the Trusted zone was where your pristine data resides 
and, apparently, needing an alternate name was pasted with "the 
intRAnet".  The DMZ is where you place your proxy web servers, etc. 
but you have firewalls between each zone, i.e. only your proxy is 
allowed into the Trusted zone from outside and the "outside" 
("schmucks are people, too, ya know."  *grin*) is only allowed to the 
proxy.  Essentially, the world thinks your business is only the proxy 
services.  (My network guru here says that you should even try for a 
protocol change so that an http hack doesn't penetrate past the proxy 
since it's doin', say, tcp/ip outbound.  However, he realizes that's 
not too feasible since most proxies are really just relays.)

We have the start of such a configuration (outside the mainframe) 
where www.InfoWeb.uOttawa.ca is a proxy that passes the request to a 
WebSphere server in the Trusted zone.  The box only runs a proxy and 
the Common-DMZ firewall will block non-http port requests from even 
*reaching* the box.

Anyway, more (and accurate) reading can be google'd elsewhere.  This 
ended up much longer than the simple paragraph I'd planned.  (Guess 
it's the newbie blush of being able to answer a question.  *grin*)
---------->  signature = 6 lines follows <--------------
Neil Duffee, Joe SysProg, U d'Ottawa, Ottawa, Ont, Canada
telephone:1 613 562 5800 x4585                 fax:1 613 562 5161
mailto:NDuffee of uOttawa.ca     http:/ /aix1.uottawa.ca/ ~nduffee
"How *do* you plan for something like that?" Guardian Bob, Reboot
"For every action, there is an equal and opposite criticism."
"Systems Programming: Guilty, until proven innocent" John Norgauer 2004

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
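
An added example, not part of the original post and not the uOttawa configuration: a small audit that checks a set of firewall allow rules against the three-zone model described in the message (outside reaches only the proxy, only on http ports, and only the proxy enters the Trusted zone). The host names, the port numbers and the choice of 80 and 443 as "http ports" are assumptions made for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src_zone: str
    src_host: str   # "*" means any host in the zone
    dst_zone: str
    dst_host: str
    port: int

HTTP_PORTS = {80, 443}   # assumption: what counts as an "http port"
PROXY = "proxy"          # hypothetical name for the DMZ proxy box

def audit(rules):
    """Return (rule, reason) pairs for every allow rule that breaks the zone model."""
    findings = []
    for r in rules:
        pair = (r.src_zone, r.dst_zone)
        if pair == ("common", "trusted"):
            findings.append((r, "outside reaches the Trusted zone directly"))
        elif pair == ("common", "dmz"):
            if r.dst_host != PROXY:
                findings.append((r, "outside reaches a DMZ host other than the proxy"))
            elif r.port not in HTTP_PORTS:
                findings.append((r, "non-http port open to the proxy"))
        elif pair == ("dmz", "trusted") and r.src_host != PROXY:
            findings.append((r, "DMZ host other than the proxy enters the Trusted zone"))
    return findings

def permitted(rules, src_zone, src_host, dst_zone, dst_host, port):
    """Default deny: a flow passes only if some allow rule matches it."""
    return any(
        (r.src_zone, r.dst_zone, r.port) == (src_zone, dst_zone, port)
        and r.src_host in ("*", src_host)
        and r.dst_host in ("*", dst_host)
        for r in rules
    )

# Constructed sample rule set: the first two rows follow the post, the last three are mistakes.
SAMPLE = [
    Rule("common", "*", "dmz", PROXY, 80),
    Rule("dmz", PROXY, "trusted", "websphere", 9080),
    Rule("common", "*", "dmz", PROXY, 22),
    Rule("common", "*", "trusted", "websphere", 9080),
    Rule("dmz", "*", "trusted", "*", 1521),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"{reason}: {rule}")
```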
