RE: Which Firewall solutions

DMZ is a misnomer, it should be EHF (exposed to hostile fire).

Then again, DMZ is a misnomer in most other applications also.

DMZ use implies 3 things: a machine that is EHF, a firewall of some type, and a machine (or network of machines) behind the firewall.

Suggest: put one machine with one disk in the DMZ but keep a duplicate of that system's drive on another machine that is behind the firewall as a protected drive.

When (not if) your EHF machine is compromised, restoring it requires copying the entire disk image from its 'safe house' to the DMZ machine.  Updates of the DMZ machine's drive (web page updates) require modifying the protected drive, then updating (man rsync) the DMZ machine's drive from the protected drive.

Comments?

Brian Brunner
brian.t.brunner@xxxxxxxxxxxxxxx
(610)796-5838
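
The suggestion above treats the protected drive as the source of truth for the DMZ machine. As an added example (not part of the original message), this sketch compares a DMZ copy against the protected master by file hash before it is overwritten; the hashing approach, the function names and the sample trees are assumptions constructed for illustration, since the message itself names only rsync.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def drift(master_root, dmz_root):
    """Report how the DMZ copy differs from the protected master copy."""
    master, dmz = manifest(master_root), manifest(dmz_root)
    return {
        "modified": sorted(p for p in master if p in dmz and master[p] != dmz[p]),
        "missing": sorted(p for p in master if p not in dmz),
        "unexpected": sorted(p for p in dmz if p not in master),
    }


def write(root, rel, body):
    """Helper for the constructed sample: create a file under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)


def demo():
    """Constructed sample: a master tree and a DMZ copy that has drifted."""
    site = {"index.html": b"<h1>Welcome</h1>\n", "cgi-bin/form.cgi": b"#!/bin/sh\necho ok\n"}
    with tempfile.TemporaryDirectory() as tmp:
        master, dmz = os.path.join(tmp, "master"), os.path.join(tmp, "dmz")
        for rel, body in site.items():
            write(master, rel, body)
            write(dmz, rel, body)
        write(dmz, "index.html", b"<h1>Changed</h1>\n")      # content altered
        os.remove(os.path.join(dmz, "cgi-bin", "form.cgi"))  # file removed
        write(dmz, "notes.txt", b"not in master\n")          # file added
        return drift(master, dmz)


if __name__ == "__main__":
    print(demo())
```

Any non-empty list means the DMZ copy no longer matches the protected drive; recording that result before the restore keeps a trace of what changed on the exposed machine.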

>>> jwilliams@xxxxxxxxxxxxxx 10/06/03 09:30AM >>>
You put information systems in the DMZ that are meant to be openly
accessible to an unprotected network such as the Internet. Example: www,
e-mail, ftp.

The purpose of the DMZ is to create a segregated network and having
those systems with the most exposure by themselves. If a "hacker" breaks
into your www server you have a better chance of the person not being
able to adulterate the rest of your network since logically it shouldn't
have any ties with your DMZ segment.

James Williams
Network Systems Engineer

-----Original Message-----
From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] 
On Behalf Of Buck
Sent: Monday, October 06, 2003 8:19 AM
To: shrike-list@xxxxxxxxxx 
Subject: RE: Which Firewall solutions


I am a bit new to Linux, but for the last three years DMZ on a firewall
has represented an open, unprotected address.

I sometimes set the DMZ to my computer which has a software firewall so
I can do things normally blocked by the firewall.  This isn't some fluke
as I have used three hardware firewalls and all agree.  Also, the book
"Red Hat Internet Server" talks about the DMZ and in its description and
drawing it agrees.  The DMZ is an unprotected area of the network.  The
diagram used shows the internet, the DMZ and then the firewall.  The web
server and email server were in the DMZ and the network file server and
workstations were all protected by the firewall.  In several cases, I
found the authors puzzled as to how it was named after the DMZ war zone
when it appears to have the opposite meaning from the Viet Nam and Korea
wars.

In everything I have read and used, the last place to put a server is in
the DMZ. 

Buck

-----Original Message-----
From: shrike-list-admin@xxxxxxxxxx [mailto:shrike-list-admin@xxxxxxxxxx] 
On Behalf Of Rodolfo J. Paiz
Sent: Monday, October 06, 2003 5:24 AM
To: shrike-list@xxxxxxxxxx 
Subject: RE: Which Firewall solutions



DMZ is "demilitarized zone," a term IIRC created in the Vietnam War.
Means an area where neither side goes freely and all traffic is watched.
You generally put servers in there, so NOTHING comes into your internal
network and it is easier to secure: both your internal clients and the
people out on the Internet connect to servers in the DMZ. The DMZ servers,
in turn, do not need free access to the Internet so you can lock them down
more tightly, another improvement to security. This is the way I see it,
anyway; it's not a textbook definition.


-- 
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx 


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx 
https://www.redhat.com/mailman/listinfo/shrike-list 




