Firewall Wizards mailing list archives
Re: DMZ best practices
From: Bill_Royds () pch gc ca
Date: Mon, 18 Jan 1999 17:30:26 -0500
The segment behind a third NIC that carries servers that one runs but may not trust (because they are open to public) could be called the dirty segment. or server segment. Vendors call it the DMZ because early firewalls with only 2 nics put servers on the true DMZ. One does need a segment that allows servers to be protected by direct attacks but would also be restricted in access to internal use. Partitioning if capabilities by need to know is one of the fundamental ideas in security, whether computer or otherwise. Putting servers on a restricted segment that does not know the inside topology is an implementation of this policy. What you call it is less important than what it does. Please respond to "John Kozubik" <john_kozubik_dc () hotmail com> To: firewall-wizards () nfr net, perry () timpo osd mil cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: Re: DMZ best practices Perry, A lot of whiz-bang firewall packages offered these days (Checkpoint software's FireWall-1 comes to mind) offer you the ability to implement a 'DMZ'.
Current thread:
- DMZ best practices Perry, David (Jan 15)
- Re: DMZ best practices Bennett Todd (Jan 19)
- <Possible follow-ups>
- Re: DMZ best practices John Kozubik (Jan 18)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Amos Hayes (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 19)
- Re: DMZ best practices Jeromie Jackson (Jan 19)
- Re: DMZ best practices Bill_Royds (Jan 19)
- RE: DMZ best practices Andreas Haug (Jan 20)
- Re: DMZ best practices John Kozubik (Jan 20)
- Re: DMZ best practices Security (Jan 20)
- Re: DMZ best practices Dominique Brezinski (Jan 21)
- RE: DMZ best practices Bill_Royds (Jan 21)
- RE: DMZ best practices Andreas Haug (Jan 26)
- Re: RE: DMZ best practices Robert MACDONALD (Jan 21)
- Re: RE: DMZ best practices Joseph S D Yao (Jan 26)
- RE: DMZ best practices Security (Jan 26)
- RE: DMZ best practices Dominique Brezinski (Jan 26)
(Thread continues...)