Date: Wed, 10 May 2000 18:32:41 -0700 From: "Dan O'Connor" <dan@mostgraveconcern.com> To: "James A Wilde" <james.wilde@telia.com>, "FreeBSD-questions" <freebsd-questions@FreeBSD.ORG> Subject: Re: Offtopic - DMZ Message-ID: <019301bfbae9$1491a9a0$0200000a@danco>
next in thread | raw e-mail | index | archive | help
>Sorry to be off-topic, but I'd like to get the team's opinion of the
meaning
>of the term DMZ. I've always assumed that this refers to the Internet
>Service lan on a triple-homed computer, where the three interfaces are
>directed to a) the - hopefully - secure private network, b) the protected
>but not fully so IS lan (DMZ) and c) the Internet, where the bad guys are.
>
>However, I keep seeing references which indicate that people see the
>Internet as the DMZ. I can't see that there is anything demilitarized
about
>the Internet...
The definition given on www.whatis.com,
"In computer networks, a DMZ (demilitarized zone) is a
computer host or small network inserted as a 'neutral zone'
between a company's private network and the outside
public network...."
describes what is more accurately defined as a 'bastion host'...
A bastion host is a firewall/proxy server on its own network between two
routers. The outside network and the inside network can both talk to the
bastion host, but can't talk to each other. And the bastion host cannot
*initiate* connections to the inside network.
--Dan
--
Dan O'Connor
On Matters of Most Grave Concern
http://www.mostgraveconcern.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?019301bfbae9$1491a9a0$0200000a>