On Mon, Oct 06, 2003 at 10:19:57AM -0400, Buck wrote:
> Your discussion is most welcome. I take no offense. Thank you for
> your input.
>
> I can understand where different people have adopted different
> definitions of DMZ, but it appears that the firewall industry uses the
> DMZ to refer to those computers made available to the internet. This is
> backed up by several books I have read on the issue. I know this for a
> fact, you would not want to remove any internal firewall on your server
> and then connect it to any of the hardware firewalls I have using their
> DMZ, especially if it's a Microsoft system.

[snip]

This discussion is becoming circular. Buck, you are essentially saying
the same thing as Rodolfo: DMZs are where you stick internet-available
servers. Any border firewalls ahead of DMZs are usually there for
port forwarding purposes. DMZs by definition do not allow free access to
a topologically adjacent LAN. And DMZs themselves should only allow
access to as many ports as needed to allow traffic in, kill unnecessary
services, blah, blah.

--
Jack Bowling
mailto: jbinpg@xxxxxxx

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list