At August 10, 2005 16:26, concerning "Mainframe in the DMZ", Ted MacNeil <[EMAIL PROTECTED]> wrote:
> > Firewall
> Well! Why didn't they say so? I know what that is!

Actually, it's more than that. The concept is part of "Structured Networks" that made the rounds sometime before Y2k. (I think we started ours 'bout '97 or so.) It's where you keep hearing 'bout the "Trusted zone", the "Common zone", and the "DMZ". (I suspect the latter was specifically adopted because of the networking mentality at the time that felt they were - and, mostly, still are - at war with virus and spam attacks.)

We schmucks inhabit the Common zone also broadly labelled "the intERnet" while the Trusted zone was where your pristine data resides and, apparently, needing an alternate name was pasted with "the intRAnet". The DMZ is where you place your proxy web servers, etc. but you have firewalls between each zone ie. only your proxy is allowed into the Trusted zone from outside and the "outside" ("schmucks are people, too, ya know." *grin*) is only allowed to the proxy. Essentially, the world thinks your business is only the proxy services. (My network guru here says that you should even try for a protocol change so that an http hack doesn't penetrate past the proxy since it's doin', say, tcp/ip outbound. However, he realizes that's not too feasible since most proxies are really just relays.)

We have the start of such a configuration (outside the mainframe) where www.InfoWeb.uOttawa.ca is a proxy that passes the request to a WebSphere server in the Trusted zone. The box only runs a proxy and the Common-DMZ firewall will block non-http port requests from even *reaching* the box.

Anyway, more (and accurate) reading can be google'd elsewhere. This ended up much longer than the simple paragraph I'd planned. (Guess it's the newbie blush of being able to answer a question. *grin*)

----------> signature = 6 lines follows <--------------
Neil Duffee, Joe SysProg, U d'Ottawa, Ottawa, Ont, Canada
telephone:1 613 562 5800 x4585 fax:1 613 562 5161
mailto:NDuffee of uOttawa.ca http:/ /aix1.uottawa.ca/ ~nduffee
"How *do* you plan for something like that?" Guardian Bob, Reboot
"For every action, there is an equal and opposite criticism."
"Systems Programming: Guilty, until proven innocent" John Norgauer 2004

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
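
The zone rules described in the message above (the outside reaches only the proxy, and only on http; only the proxy reaches the Trusted zone), written as a firewall rule-set audit. This is an added example, not part of the original post: the addresses, ports, `Rule` type and `audit` function are constructed for illustration, and each allow rule is checked on its own without modelling first-match ordering.

```python
import ipaddress
from dataclasses import dataclass

# Constructed layout using documentation address ranges (assumptions, not from the post).
DMZ = ipaddress.ip_network("192.0.2.0/24")
TRUSTED = ipaddress.ip_network("198.51.100.0/24")
PROXY = ipaddress.ip_network("192.0.2.10/32")   # the only box the outside may see
HTTP_PORTS = {80, 443}                           # what counts as "http" here (assumed)

@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR; "0.0.0.0/0" means anywhere
    dst: str      # destination CIDR
    port: int     # destination TCP port; 0 means any port
    action: str   # "allow" or "deny"

def audit(rules):
    """Return (rule, reason) for every allow rule that breaks the three-zone model."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        inside = src.subnet_of(DMZ) or src.subnet_of(TRUSTED)
        # DMZ-to-Trusted firewall: the proxy is the only permitted external source.
        if dst.overlaps(TRUSTED) and not src.subnet_of(TRUSTED) and src != PROXY:
            findings.append((r, "non-proxy source can reach Trusted zone"))
        # Common-to-DMZ firewall: outside traffic may hit only the proxy, only on http.
        elif dst.overlaps(DMZ) and not inside:
            if dst != PROXY:
                findings.append((r, "outside can reach a DMZ host other than the proxy"))
            elif r.port not in HTTP_PORTS:
                findings.append((r, "non-http port open to the proxy from outside"))
    return findings

# Constructed sample rule set: two conforming rules, three violations, default deny.
SAMPLE = [
    Rule("0.0.0.0/0", "192.0.2.10/32", 80, "allow"),           # world -> proxy, http
    Rule("192.0.2.10/32", "198.51.100.20/32", 9080, "allow"),  # proxy -> app server
    Rule("0.0.0.0/0", "192.0.2.10/32", 22, "allow"),           # non-http to the proxy
    Rule("0.0.0.0/0", "198.51.100.20/32", 9080, "allow"),      # world -> Trusted
    Rule("192.0.2.0/24", "198.51.100.0/24", 0, "allow"),       # whole DMZ -> Trusted
    Rule("0.0.0.0/0", "0.0.0.0/0", 0, "deny"),
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE):
        print(f"{rule.src} -> {rule.dst}:{rule.port}  {reason}")
```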