Firewall Wizards mailing list archives

RE: DMZ, defined.


From: dreamwvr <dreamwvr () dreamwvr com>
Date: Tue, 26 Jan 1999 12:48:28 -0700

Since DMZ is taken, how about calling it 'The Pen'? Seems to fit from 
my understanding of the language ;) Since according to definition, 
namely 'Webster Dictionary', it is an enclosure for animals. Well, since
the big I is often called 'The Wild', it works for me :)
                                                Regards,
                                                dreamwvr () dreamwvr com
At 09:32 PM 1/21/99 -0500, Paul D. Robertson wrote:
On Thu, 21 Jan 1999, graham, randy wrote:

So now we have a language expert.  This talk about what a DMZ "really" is
seems to miss one extremely important feature of language - change.  Just

An equally important feature of language is to use traditional meanings 
to communicate effectively.

check out the OED (Oxford English Dictionary) sometime.  The meaning of a
word changes over time.  John, you no more have the right to give an
absolute definition than anyone else here.  I think beyond saying that the

Yet not pointing out a generally accepted meaning to a term that has 
traditionally been used in a field can cause confusion. 

DMZ is a less heavily protected region somewhere in our network arena (and
even some people might disagree with this broad use), we really aren't
going to have a general agreement on where exactly the DMZ goes.

In traditional firewalling terms, a DMZ is a network inside of our 
network boundary but outside of our bastion host.  Wanting it to be 
anything else doesn't automatically make it so.

So an area behind a/the firewall off a third NIC cannot be called a DMZ.

It can be called "Grape Kool-aid", but that doesn't make it such or 
follow established tradition.

Why not?  Because you don't want to call it that?  I put some equipment

No, because such networks have traditionally been labeled as "service 
networks", in keeping with the fact that they are offered some form of 
protection by the bastion host, and therefore topologically different 
than the traditional DMZ.

there work, but try to offer some protection.  Why can't I call this a DMZ
if that's what I think of as the DMZ?  It is fairly open, but I restrict

You can, but when you speak with others in the firewall community they'll 
think you mean something else.  There's nothing stopping you from calling 
it a "protected internal network" either.  Just don't expect others who 
are using the terminology built up in the field over a long period of 
time to (a) understand you, or (b) follow your terminology whims.

what I can.  I track as well as I can what goes in and out there.  It
doesn't have any more access to my internal net than the outside world.
What's missing here?

What's missing is several years of firewalling architecture discussions 
which have built up some commonly used terminology.

I really don't mean to be a jerk about this (I get to be a jerk at work
enough that I don't need to act like that on mail lists to meet my daily
recommended allowance).  In fact, I've enjoyed your recent postings and
learned quite a bit these past couple of days.  But please don't tell me
how I can define a term.  As long as everyone with whom I speak knows how I use
the term, it should be fine.  I do know now what you mean by DMZ, but I

This causes ambiguity.  There's _more than enough_ ambiguity with terms 
such as "firewall", we really don't need more.

don't use the term the same.  As long as we know this about each other, we
can communicate effectively, and that is where we really need to be.

I'd question how effectively you can communicate, or what you do to a 
field by redefining terms to suit an individual whim.

If I tell my mechanic that the spark plug wire is bad, and I mean the 
previously established definition of spark plug wire which I and my friends 
use to mean "left indicator bulb", I've added confusion for no great reason.

Perhaps a better question would be what we gain from your use of a term 
which hasn't traditionally been used in the way in which you seem to want 
to use it.  As far as I can see, we gain ambiguity and confusion.

I'm not the language police, but I probably wouldn't agree to calling it 
"freebled whatsit network four" either.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                    PSB#9280


Reuters, London, February 29, 1998: 
Scientists have announced discovering a meteorite which will strike the 
earth in March, 2028.  Millions of UNIX coders expressed relief for being 
spared the UNIX epoch "crisis" of 2038.