


On Tue, Aug 14, 2001 at 10:50:00PM -0500, Joe Pluta wrote:
> While I like Mr. Silberberg's reference, it doesn't say in plain English the
> important thing about a DMZ: it requires TWO firewalls, however they are
> implemented.

Not true.  You can indeed implement a DMZ with two firewalls and the DMZ
between them, but you can also have a DMZ with just one firewall.  In the
latter case, the firewall has three network interfaces: the external
(untrusted) interface, the internal (trusted) interface, and the DMZ
(partially trusted) interface.  I suspect that the one-firewall version is
the method used by all but the most free-spending/paranoid companies.

Your summary of a DMZ is pretty accurate, but I'll try to summarize my
views.  The DMZ is where any servers providing services to the outside
world go.  If a computer on the Internet needs to initiate a connection to
a host on your network, that host goes in the DMZ.  The DMZ is behind a
firewall that will only let traffic of the appropriate type through--no
HTTP requests to a machine that's only a mail server.  In addition, the
firewall is very limiting about what connections it allows inbound from
the DMZ.  A web server might have to connect to an internal database
server, but it wouldn't be allowed anything outside the scope of its
needs.  Ideally, it wouldn't be allowed in at all.  This protects the
computers on your "main" network, even if the DMZ hosts are compromised.

In practice there are a lot more security considerations, and the world is
never as ideal as I've presented it, but those are the basics of how a DMZ
functions--it keeps your Internet servers away from your other computers
while still allowing them some degree of firewall protection.
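The one-firewall, three-interface policy described in the message above, modelled as an added example that is not part of the original post. The zone names, the host names (`web`, `mail`, `db`) and the port numbers are assumptions chosen for illustration; `allowed` decides new connections with default deny, and `audit` flags rules that would break the DMZ model.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed example: zones, hosts and ports are assumptions, not from the post.
@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src_host: Optional[str]  # None matches any host
    dst_host: Optional[str]
    dst_port: Optional[int]  # None matches any port

RULES = [
    Rule("external", "dmz", None, "web", 80),     # Internet -> web server, HTTP only
    Rule("external", "dmz", None, "mail", 25),    # Internet -> mail server, SMTP only
    Rule("dmz", "internal", "web", "db", 5432),   # web server -> one database port
    Rule("internal", "dmz", None, None, None),    # trusted side may reach the DMZ
    Rule("internal", "external", None, None, None),
]

def allowed(rules, src_zone, src_host, dst_zone, dst_host, dst_port):
    """Return True if a new connection matches an allow rule; default is deny."""
    for r in rules:
        if (r.src_zone == src_zone and r.dst_zone == dst_zone
                and r.src_host in (None, src_host)
                and r.dst_host in (None, dst_host)
                and r.dst_port in (None, dst_port)):
            return True
    return False

def audit(rules):
    """Flag allow rules that are broader than the DMZ model permits."""
    findings = []
    for r in rules:
        pair = (r.src_zone, r.dst_zone)
        if pair == ("external", "internal"):
            # Anything reachable from the Internet belongs in the DMZ instead.
            findings.append(("external-to-internal", r))
        elif pair == ("external", "dmz") and None in (r.dst_host, r.dst_port):
            # Each DMZ host should expose only the service it provides.
            findings.append(("dmz-service-not-pinned", r))
        elif pair == ("dmz", "internal") and None in (r.src_host, r.dst_host, r.dst_port):
            # Inbound from the DMZ must name one source, one target, one port.
            findings.append(("dmz-to-internal-too-broad", r))
    return findings
```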



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
