January 26th, 2004, 03:00 PM #1
I am shopping around for a new Gateway/Firewall for my company. One thing that i have noticed is that firewall manufacturers are now offering a DMZ port on the firewall appliance. DMZ is for Demiliterized Zone. And from what i understand, you would hook up your web, mail, and other published servers on you private LAN to this port so that they can be accessible from the internet. And, at the same time, they would be somehow separated from your other servers you want to keep safe. It does sound like a good idea.
When did this DMZ concept first get addapted to firewall appliances (is this something new) and is anyone implementing this type of setup?
January 26th, 2004, 03:06 PM #2
- Join Date
- Oct 2001
Ya lots of people put up DMZ's to seperate their internet servers from the rest of the server population.
It IS a good idea
The idea is
Internal can see external servers (traffic from internal servers to external allowed), but not vice versa (you can't even ping a internal server from the dmz).
That way if somebody hacks into the box, they can't go much farther than that.
You'd only allow for a VERY minor amount of traffic to go through, ie. for SQL queries or exchange if its an OWA box.
Then of course you limit it to a specific type of traffic as well.
They've been around for awhile, linksys routers typically come with one DMZ option where you can set one IP as a DMZ box ... usually for putting up a game server or something.Helicopters don't fly; they vibrate so much and make so much noise that the earth rejects them.
January 27th, 2004, 12:27 PM #3
As vass already noted, linksys routers allow one to DMZ one IP address. This is accomplished through the web-based management software built-in to the router itself.The difficulty is to try and teach the multitude that something can be true and untrue at the same time. -- Arthur Schopenhauer
January 27th, 2004, 10:23 PM #4
- Join Date
- Jan 2004
I'm sure you guys know a he*l of alot more about this than me but I'll throw this out anyway - D-Link and Belkin have the same option. Now I just know what it is for
January 27th, 2004, 10:33 PM #5
- Join Date
- Dec 2001
- BrisVegas, Australia
- Blog Entries
DMZ is a great idea! Got one set up with my IPCop router/firewall. Keeps the internet "open" box out of the LAN, so even if it gets hacked it can only get into that box, nowhere else. Got my web/mail/ftp server on it.
You can set what are called "pinholes" between the DMZ and LAN if you need to, eg for access to a SQL database or something.
Very useful, IMO.
MickI don't like sigs on forums like this.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)