
Thread: What's a DMZ....???

  1. #1
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289

    What's a DMZ....???

    Hey guys, I am new here but not necessarily new to security... I have been interested in it for a year (and you call that not new... eh!). I am just introducing myself with a question:

    I am an 18-year-old guy from India (Uh! Another Indian... they come everywhere!) and am at home with much of the stuff spoken here MINUS some abbreviations whose expanded forms are not with me! Since I don't know as much as other senior members do, I shall be regularly seeking help from you guys... Hope you help me out!

    So just some time ago, I was reading about a DMZ (demilitarised zone). I have heard of this term a number of times before but never got time or probably wasn't interested enough to get something in detail about the stuff!

    Can anyone of you give me an explanation of what DMZ is (if possible with links)?

    Please don't tell me to search on Google; I tried it and got results on its usage even after changing keywords 4-5 times.

    I also see a native relevance of Linux and DMZ? Is it solely related to Linux networks?

    ~Jockey
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  2. #2
    A DMZ is a term used to describe a network segment isolated from the main internal network, but available to the public internet. This is accomplished via firewalls, routers and/or physical network design. It is not a term limited to networks using Linux. However, Linux systems can often be the firewalls/routers used to isolate the DMZ network segment.

  3. #3
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi


    This is what I have for Dlink, I use the DMZ for my Son's Sony Playstation 2 console


    The DMZ feature allows you to forward all incoming ports to one computer on the local network. The DMZ, or Demilitarized Zone, will allow the specified computer to be exposed to the Internet. DMZ is useful when a certain application or game does not work through the firewall. The computer that is configured for DMZ will be completely vulnerable on the Internet, so it is suggested that you try opening ports from the Virtual Server or Firewall settings before using DMZ.

    You will need to know the IP address of the computer you want to use as the DMZ host.
    DLink


    Luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  4. #4
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Well... I am confused a bit... let me explain what I understood, and tell me if I am right or close to being right: overall I see that a DMZ is a single computer or a network of computers which in the normal scene are not protected by a firewall and are accessible on the internet.

    I can understand that this might be possible, but after all can someone give me an example as to how one can isolate a computer network from the main one and still keep it available on the internet through the same backbone?

    ~Jockey
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    From Wikipedia:
    In computer security, a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. The point of a DMZ is that connections from the internal and the external network to the DMZ are permitted, whereas connections from the DMZ are only permitted to the external network -- hosts in the DMZ may not connect to the internal network. This allows the DMZ's hosts to provide services to the external network while protecting the internal network in case intruders compromise a host in the DMZ. For someone on the external network who wants to illegally connect to the internal network, the DMZ is a dead end.
    read the rest at:
    http://en.wikipedia.org/wiki/Demilit...28computing%29
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    A DMZ can be a lot of things.

    A number of my friends fought the NVA just south of a DMZ back in the 1960's...



    edit -- on the other hand, I'm sittin' behind a DMZ as I type this. Rapier, dalek and westin pretty much hit the nail on the head. If you're running a router, log in and check out the settings. Most routers, even the most basic ones, will have an optional DMZ setting for one ip address. Even the more sophisticated gateways will have DMZ settings. Basically, your option with a DMZ is to put one ip address there, a computer, typically a webserver, fully exposed to the internet. And it can even be a gateway or another router, which could have computers behind it too.

    I actually learned a lot about viruses by deliberately infecting a Windows PC, putting it on a DMZ (I was using Smoothwall at the time), and watching it with netstat or tcpview. Be careful though: not all DMZ's are created equal. Some don't really isolate the ip address in the DMZ. Even from the linux-based gateway I'm behind now, I can login to the primary router (a chintzy Netgear P.O.S.). The DMZ's on low-end routers (most consumer models) are typically crap, whereas the DMZ on a Smoothwall is for real (in other words, it truly isolates the computer(s) in the DMZ from the rest of the network). Make sense?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Brokencrow and westin... Thanks a lot... westin gave me the link to Wikipedia (I don't know why... I never head on to this resource even after being referred by my friends both online and offline... perhaps coz after I see the letter "G", Google comes to mind and for me it's like the dead end of search)...

    Anyway thanks again both of you... the images and the "SIMPLE" language of wiki was really very very helpful and brokencrow explained everything in a lot more detail than I needed/wanted.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    Well wikipedia should not be used as the ultimate reference that some people make it out to be.. Mainly because that definition is really really wrong...

    I can think of a lot of examples where machines sit in the DMZ and still communicate with machines on the internal network... Just about all online banking activities are done this way, and can anybody say ISA server... It is fairly common practice to place an ISA server in a DMZ and then allow it to communicate with backend servers such as SQL, Oracle, Exchange etc.... ISA is only one of the many transaction related services that can safely transmit data between a DMZ and the private network.

    So saying that machines in a DMZ are not allowed to talk to machines on the private network is not accurate.

  9. #9
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Thanks for the information. However, I can't believe that WIKIPEDIA can contain anything wrong in it! So many people including some of my friends trust it as the ultimate reference guide for their most daily requirement for knowledge!!!

    Even though I don't use it anyway (unless pointed out by others)
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  10. #10
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I'm no pro at this, so I tried to stay out of it, BUT .....

    "However, I can't believe that WIKIPEDIA can contain anything wrong in it!"

    You are joking, aren't you?

    What is a DMZ ?

    Simple answer:
    A buffer between the internal and external networks.

    Here is a simple answer found on the web: Definition of: DMZ ( from pcmag.com )

    a little more complete but not quite accurate definition: SearchWebServices.com

    Since the last definition mentions Cisco, let's see what they have to say:

    Usually the requirements for DMZs tend to be the same regardless of the design implementation. As in the previous case, DMZ servers are supposed to be accessible from external clients as well as from the internal network. DMZ servers will eventually need access to some internal resources, ...
    ( from Securing Networks with Private VLANs and VLAN Access Control Lists ; talks about a lot more than a DMZ, a little over the top for this discussion, but is worthwhile reading. )

    What I believe WIKIPEDIA should say is that hosts in the DMZ should not be able to initiate connections to the internal network, unless in response to predetermined and predefined criteria, and then only in a predetermined and qualified manner.

    Does that make sense?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
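
The rule proposed in post #10, worked through as an added example (not code from the thread or from any product named in it): a small model of a stateful three-zone firewall in which DMZ hosts may answer connections opened from the LAN but can initiate only one predefined connection into it. The addresses, port numbers and the names `WEB`, `SQL`, `Firewall` and `demo` are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (documentation and private ranges), not from the thread.
ZONES = {"lan": ip_network("10.0.0.0/24"), "dmz": ip_network("192.0.2.0/24")}
WEB, SQL = "192.0.2.10", "10.0.0.20"  # hypothetical DMZ web server and LAN database

# Allow rules for NEW connections; anything unmatched is dropped (default deny).
# (source zone, destination zone, source host, destination host, destination port)
RULES = [
    ("wan", "dmz", None, WEB, 443),    # the published service
    ("lan", "dmz", None, None, None),  # internal users and admins reach the DMZ
    ("lan", "wan", None, None, None),
    ("dmz", "wan", None, None, None),
    ("dmz", "lan", WEB, SQL, 1433),    # the single predefined DMZ -> LAN exception
]

def zone_of(addr):
    # Anything that is neither LAN nor DMZ is treated as the internet ("wan").
    ip = ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "wan")

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()  # flows accepted as new: (src, sport, dst, dport)

    def forward(self, src, sport, dst, dport):
        """Return True if the packet is forwarded, False if it is dropped."""
        flow, reply = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.conntrack or reply in self.conntrack:
            return True  # belongs to a connection that was already accepted
        for szone, dzone, shost, dhost, port in self.rules:
            if ((zone_of(src), zone_of(dst)) == (szone, dzone) and shost in (None, src)
                    and dhost in (None, dst) and port in (None, dport)):
                self.conntrack.add(flow)
                return True
        return False

def demo():
    fw = Firewall(RULES)
    return {
        "internet -> web:443": fw.forward("203.0.113.5", 50000, WEB, 443),
        "web reply -> internet": fw.forward(WEB, 443, "203.0.113.5", 50000),
        "internet -> lan db": fw.forward("203.0.113.5", 50001, SQL, 1433),
        "web -> lan workstation:445": fw.forward(WEB, 40000, "10.0.0.5", 445),
        "web -> lan db:1433": fw.forward(WEB, 40001, SQL, 1433),
        "other dmz host -> lan db": fw.forward("192.0.2.11", 40002, SQL, 1433),
        "lan -> web:22": fw.forward("10.0.0.5", 51000, WEB, 22),
        "web reply -> lan": fw.forward(WEB, 22, "10.0.0.5", 51000),
    }
```

Calling `demo()` shows the web server replying to LAN and internet clients and reaching the database on its one permitted port, while every other connection it tries to open into the LAN is dropped.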
