Talk:DMZ (computing)
Update
I have updated the article and removed the stub. If you have any comments, please let me know. Jasonlfunk 15:45, 11 October 2007 (UTC)
Illustrations
The picture does not show a proper DMZ. It should look like (in ascii art):
                                      |
 [internet]----[Firewall/router]----- | ------[Firewall]-----[Internal network]
                                      |
                                    [DMZ]
What is shown here is a three-legged firewall concept.
Greg Rojas
I am confused as to the way a DMZ is laid out. The pictures are showing two different methods, which I understand are differences in topography. But how is the ASCII art depiction laid out with the actual machines? Is there a router between the firewalls? There should maybe be an illustration in the article or more detailed descriptions. 12:08 CDT, 02 June 2006
Software used to make them?
Unrelated query, but, anyone know what software was used to make the illustrations in this article? I doubt it was Visio. Thanks! —S3BST3R (talk) 22:49, 28 June 2011 (UTC)
The boundary between
The term DMZ has been used to describe the boundary between autonomous networks, likely predating the adoption of the term by firewall vendors. Cjcoleman 20060121
It was used for computation purposes too. —Preceding unsigned comment added by 59.177.41.244 (talk) 09:50, 24 December 2010 (UTC)
Whether DMZ can be one of the NIC of the firewall
Is it possible to configure the IP of one of the network cards of the firewall (with 3 network cards) as DMZ? One NIC to internal network, one NIC to external network.
Response to above
I believe that many people do this: configure the one Firewall to be the connection between DMZ and LAN and External. However, if the Firewall is breached from the outside then there is the potential to get to the LAN as easily as they get to the DMZ. It is a more secure solution to use 2 Firewalls.
82.211.102.231 10:09, 1 December 2006 (UTC) Helen
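The comparison made in the response above, modelled as zone reachability. This is an added example, not part of the original discussion; the zone names, firewall names and the forwarding policy are assumptions constructed for illustration.

```python
from collections import deque

# Constructed topologies: each firewall maps to the zones its NICs attach to.
THREE_LEGGED = {"fw": {"internet", "dmz", "lan"}}
DUAL_FIREWALL = {"outer_fw": {"internet", "dmz"}, "inner_fw": {"dmz", "lan"}}

# Assumed intended policy: (source zone, destination zone) pairs that a
# correctly working firewall forwards. Nothing may initiate into the LAN.
POLICY = frozenset({("internet", "dmz"), ("lan", "dmz"), ("lan", "internet")})


def exposed_zones(topology, breached=frozenset(), policy=POLICY, start="internet"):
    """Return the zones reachable from `start`, hop by hop (breadth-first).

    Worst-case assumption: reaching a zone gives a foothold to continue from.
    A healthy firewall forwards only `policy` pairs between its own NICs;
    a breached firewall forwards between all of its NICs.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for fw, zones in topology.items():
            if src not in zones:
                continue
            for dst in zones - seen:
                if fw in breached or (src, dst) in policy:
                    seen.add(dst)
                    queue.append(dst)
    return seen


def edge_breach_exposes_lan(topology):
    """True if breaching only the internet-facing firewall(s) exposes the LAN."""
    edge = {fw for fw, zones in topology.items() if "internet" in zones}
    return "lan" in exposed_zones(topology, breached=edge)


if __name__ == "__main__":
    for name, topo in (("three-legged", THREE_LEGGED), ("dual", DUAL_FIREWALL)):
        print(f"{name:13} edge firewall breached -> LAN exposed: "
              f"{edge_breach_exposes_lan(topo)}")
```

Passing a `policy` that contains a ("dmz", "lan") pair shows the other side of the trade-off: one permissive rule on the inner firewall exposes the LAN without any breach.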
Article title wrong?
Everyone understands that the term "DMZ" in computing is short for "demilitarized zone", but no one in computing ever actually says "demilitarized zone" (except in answer to the question "what does DMZ stand for?"). And the article reflects this; the full term is never used again after the first sentence.
So I think the article should be renamed to "DMZ (computing)", and the first paragraph updated accordingly. Or maybe even renamed to just "DMZ", with a disambiguation link to "Demilitarized zone" (since, e.g., googling for "DMZ" turns up this article first and the military article second). —Preceding unsigned comment added by 24.99.22.247 (talk) 18:13, 30 May 2008 (UTC)
- Done --h2g2bob (talk) 21:13, 28 October 2008 (UTC)
Article title wrong!
Better to call this a 'Data Management Zone'. —Preceding unsigned comment added by 194.110.215.6 (talk) 12:40, 10 March 2009 (UTC)
I'd like some source info on this. As a 13-year IT veteran, I and many other people I communicate with, who have just as much if not more IT experience, have NEVER heard of 'Data Management Zone' and would prefer this be removed. A DMZ in terms of computing does root from Demilitarized Zone and is best described as that or a Perimeter Network. My re-wording of that in the first sentence could be helped by someone more elegant in their writing skills. Thanks. Turnpike420 (talk) 18:42, 14 December 2009 (UTC)
Dual Firewalls and security through obscurity
The Dual Firewalls section mentions that using two firewalls is either "defense in depth" or "security through obscurity" as if they are opposite viewpoints. However, using two firewalls is not considered pejorative in this case (the security through obscurity Wikipedia entry specifically states it is a pejorative term). Its goal is not to simply hide the internal network by obscure means (the goal of a single or dual firewall with DMZ is to "obscure" the LAN from access by design), but would provide real extra protection in the case of a security hole being found in the first firewall that didn't exist in the one from a second vendor. Thus, it is defense in depth (if the first measure fails the second may stand), but does not rise to the level of security through obscurity because even if you told the world the brand of both firewalls in use (and even the configuration, assuming both are properly configured), a vulnerability in the first wouldn't necessarily allow access through the second. Davidszp (talk) 17:42, 5 April 2011 (UTC)
There is no documented case of the compromise of a correctly-configured firewall. The dual-skinned architecture began to be popular as a result of the discovery that a certain firewall vendor incorporated a backdoor into their platform, so any discussion of two brands of firewalls is based on a misconception. Gregmal (talk) 9:13, 6 May 2013 (UTC)
Industry advice is that there is no merit to having firewalls from two vendors and in fact the support overhead increases the risk of mis-configuration. See Gartner 'Debunking the Myth of the Single-Vendor Network' G00208758 from 17 November 2010. — Preceding unsigned comment added by 137.191.247.20 (talk) 15:17, 4 August 2015 (UTC)
Accidental misconfiguration is more likely to occur in one or more ways across the configuration interfaces of two different vendors, which now require competency for two (potentially very) different configurations.