Firewall Wizards mailing list archives
RE: DMZ, defined.
From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 02 Feb 1999 10:47:20 -0500
At 05:01 PM 1/29/99 -0500, Frederick M Avolio wrote:
> It is incredible to me that after someone like Steve Bellovin reminds everyone in a post what a DMZ is, the conversation continues and we are offered "opinions" from people who admit they are "new to firewalls."
> Discussion is useful when people are trying to form a consensus, or when they are trying to formulate something (such as a definition). Discussion is really thrashing when we give our opinions about something that is not open for debate -- in this case the definition of a term that has been used for 4 or 5 years now.
If it isn't open to debate, then why would people STILL be arguing about it here? You apparently have not studied much of the history of language. I happened to study this subject for some time while in undergraduate school, and you'll find that most language usage is actually open to debate. 4-5 years? That's a blink of the eye in terms of language. Steve Bellovin may have written an excellent book, and be one of the better sources of information in this area, but he isn't appointed as guardian of the term DMZ. Definitions are normally very fluid in a new area for quite some time. If the term had been in constant use for _40_ years, you might have a better point.
> Terms, to be useful, have meanings.
Yes, and usually several of them. It is a rare entry in Webster's that doesn't have > 1 definition, and many words have several different, but related meanings. That's one of the wonderful things about standards - so many to choose from!
> While meanings do not have to be universal, they should be bounded by *something*. A technology area, for example. So, "firewall" can mean one thing in home building and another thing in network security. But if it has "personal" meanings to individuals, then it ceases to be a useful word.
This is obviously not the case. If you think about this for a moment, such terms as 'truth', 'love', and many, many other very useful terms all have personal contexts. It is really quite common that usages will vary, even within the same area. We're going through an enormous amount of political nonsense in the US because 'sexual relations' means different things to different people. For a real lesson in this area, go argue for a bit with some of the pedantic twits who inhabit USENET, and you'll find debates over such things as my usage of 'common' above.
> DMZ is a defined term. It is not a matter of opinion. One can say that because it is defined, it is not something one can hold an opinion on. (I know that they don't teach absolute truths in university today, but there you have it.) Read smb's post or the papers to *know* what a DMZ is. Firewall is also a well defined term.
That would be a circular argument. It obviously _is_ a matter of opinion, because several people here have presented quite rational arguments defending several interpretations of the term. Since there ARE differing opinions, then it follows that the term has _more than one definition_. If you feel like 'firewall' is a well-defined term, then get on any firewalls list and claim that MS's Proxy Server is a firewall, and watch the ensuing battle. Then for grins go talk to the people at Microsoft who actually create the product, and tell them it is _not_ a firewall. If you feel like the term is well-defined and doesn't have shades of grey (e.g., just how complex does a router need to be before it qualifies as a firewall?) after this exercise, I'd be very surprised.

At this point, it is very obvious to me that the term has different meanings to different people, and that I generally need to get someone to describe the network layout in detail before I'll understand just how to SECURE it. Once I understand what _they_ mean, then we can happily use the term as shorthand for the network segment over there with such and such machines on it. Arguing about whether their usage is proper will just delay my getting to the interesting part, which is how someone might attack that particular network segment.

I just hate it when I get so frustrated over some net topic that I end up contributing to continuing it... 8-(

David LeBlanc
dleblanc () mindspring com