You put information systems in the DMZ that are meant to be openly accessible to an unprotected network such as the Internet. Example: www, e-mail, ftp. The purpose of the DMZ is to create a segregated network and to have those systems with the most exposure by themselves. If a "hacker" breaks into your www server you have a better chance of the person not being able to adulterate the rest of your network since logically it shouldn't have any ties with your DMZ segment.

James Williams
Network Systems Engineer

-----Original Message-----
From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Buck
Sent: Monday, October 06, 2003 8:19 AM
To: shrike-list@xxxxxxxxxx
Subject: RE: Which Firewall solutions

I am a bit new to Linux, but for the last three years DMZ on a firewall has represented an open, unprotected address. I sometimes set the DMZ to my computer which has a software firewall so I can do things normally blocked by the firewall. This isn't some fluke as I have used three hardware firewalls and all agree.

Also, the book "Red Hat Internet Server" talks about the DMZ and in its description and drawing it agrees. The DMZ is an unprotected area of the network. The diagram used shows the internet, the DMZ and then the firewall. The web server and email server were in the DMZ and the network file server and workstations were all protected by the firewall.

In several cases, I found the authors puzzled as to how it was named after the DMZ war zone when it appears to have the opposite meaning from the Viet Nam and Korea wars. In everything I have read and used, the last place to put a server is in the DMZ.

Buck

-----Original Message-----
From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] On Behalf Of Rodolfo J. Paiz
Sent: Monday, October 06, 2003 5:24 AM
To: shrike-list@xxxxxxxxxx
Subject: RE: Which Firewall solutions

DMZ is "demilitarized zone," a term IIRC created in the Vietnam War.
Means an area where neither side goes freely and all traffic is watched. You generally put servers in there, so NOTHING comes into your internal network and it is easier to secure: both your internal clients and the people out on the Internet connect to servers in the DMZ. The DMZ servers, in turn, do not need free access to the Internet so you can lock them down more tightly, another improvement to security.

This is the way I see it, anyway; it's not a textbook definition.

--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
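
The segmented layout described in this thread (published servers on their own segment, nothing initiated from the DMZ toward the internal network, DMZ servers with restricted outbound access), written out as an iptables ruleset. This is an added example, not part of any message in the thread; the interface names, the server address and the choice of outbound DMZ services (mail and DNS) are assumptions.

```shell
#!/bin/sh
# Added example: three-legged firewall (Internet / DMZ / LAN), iptables-restore format.
# Interface names and the server address are assumptions (constructed); adjust before use.
WAN_IF="${WAN_IF:-eth0}"          # faces the Internet
DMZ_IF="${DMZ_IF:-eth1}"          # DMZ segment
LAN_IF="${LAN_IF:-eth2}"          # internal network
DMZ_SRV="${DMZ_SRV:-192.0.2.10}"  # documentation-range address standing in for the server

dmz_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Firewall host itself: loopback, replies, and SSH management from the LAN only
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Replies to connections permitted below (FTP data needs the conntrack FTP helper)
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internet -> DMZ: only the published services (ftp, e-mail, www)
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp -m multiport --dports 21,25,80 -m state --state NEW -j ACCEPT
# LAN -> DMZ: internal clients reach the same servers
-A FORWARD -i $LAN_IF -o $DMZ_IF -d $DMZ_SRV -p tcp -m multiport --dports 21,25,80 -m state --state NEW -j ACCEPT
# LAN -> Internet: outbound client traffic
-A FORWARD -i $LAN_IF -o $WAN_IF -m state --state NEW -j ACCEPT
# DMZ -> Internet: only what the servers need (outbound mail, DNS lookups)
-A FORWARD -i $DMZ_IF -o $WAN_IF -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p udp --dport 53 -m state --state NEW -j ACCEPT
# DMZ -> LAN and Internet -> LAN: no ACCEPT rule, so new connections fall to the
# DROP policy; log DMZ-originated attempts, since they suggest a compromised server
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN drop: "
COMMIT
EOF
}

# Print the ruleset for review; pipe it to iptables-restore as root to load it.
dmz_ruleset
```

The "DMZ" setting on the hardware firewalls Buck describes forwards all unsolicited inbound traffic to one internal host; the ruleset above is the separate-segment arrangement the other two messages describe.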