Re: DMZ When to use
From:
Date: 07/05/02
- Next message: : "Re: Blue screen with IE6 and ZA?"
- Previous message: Nick Le Lievre: "Re: Help - Port 80 being targeted"
- In reply to: Wolfgang Kueter: "Re: DMZ When to use"
- Next in thread: Duane Arnold: "Re: DMZ When to use"
Date: Fri, 05 Jul 2002 16:31:04 GMT
I'll read that book. - thanks
"Wolfgang Kueter" <wolfgang@shconnect.de> wrote in message
news:ag44ng$606$1@news.shlink.de...
> Duane Arnold <darnold92@insightbb.com> wrote:
>
> > DMZ is a feature that a router uses, but I guess it could be used on a Linux
> > firewall box too.
>
> DMZ stands for 'DeMilitarized Zone', it has nothing to do with routers
> but is a classic architecture and the place for public servers and/or
> proxies when connecting a trusted network to an untrusted network.
>
> You might like to read a good book about firewalls:
>
> Building Internet Firewalls, 2nd Edition
>
> By Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman
> 2nd Edition June 2000
> 1-56592-871-7, Order Number: 8717
>
> http://safari.oreilly.com/main.asp?bookname=fire2&snode=69
>
> > I have not used Linux yet.
>
> It has nothing to do with Linux, it is a question about firewall architecture
> and therefore is platform independent.
>
> > In the router example, using
> > DMZ for a machine that is connected to the router only exposes that one
> > machine or IP address, if you will, to the Internet.
>
> This is usually called network address translation (NAT), or to be more
> precise PAT.
>
> > The other machines are still behind the router's firewall.
>
> 'The router's firewall', what a phrase. Usually the router will do
> packet filtering and deny connection attempts from the outside to the
> hosts behind it. Besides that the use of RFC 1918 addresses for the
> machines in the trusted network makes them unreachable from the outside.
>
> > If somehow you had connected ten other
> > machines to that one machine that was using DMZ, they would be exposed to
> > the Internet too.
>
> This depends only on the ruleset of the packet-filter.
>
> > Looks to me like you should get a router. Getting a router eliminates the
> > need to ICS between machines. All the machines connected to the router would
> > be able to use the single IP provided by the ISP.
>
> And still a DMZ can be set up with port forwarding to certain machines
> within the DMZ. This setup is not very common but possible.
>
> > I'm wondering why you are not using Remote Desktop Sharing of
> > NetMeeting, which comes with the MS operating system, to control a
> > machine remotely
> > instead of RDP. It's much simpler and works great. NetMeeting is what
> > I use to access the desktop of any machine on my network and control
> > that computer remotely.
>
> The H.323 protocol that netmeeting uses is almost to control by
> firewalls (packet-filter, application level gateways, whatever). Never
> use netmeeting over firewalls.
>
> > "Trusted IP" for all my machines behind the router, since the router uses
> > DHCP and assigns the same IP to a machine. That way I don't have to get into
> > opening a specific port to use NetMeeting on any machine connected to the
> > router.
>
> Instead almost anything is opened automatically since netmeeting uses a
> lot of random ports.
>
> Read a good book about H.323 and think again whether you want to allow
> that.
>
> http://www.google.de/search?q=H.323+Protocol+Ports&ie=UTF-8&oe=UTF-8&hl=de&btnG=Google-Suche&meta=
>
> might get you an idea ...
>
> Wolfgang
> --
> A foreign body and a foreign mind,
> never welcome in the land of the blind.
> Peter Gabriel, Not one of us, 1980
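The thread keeps coming back to three things: a DMZ is an architecture rather than a router feature, whether hosts "behind" the firewall are exposed depends only on the packet-filter ruleset, and a DMZ host can still be reached through port forwarding from a single public address. The script below is an added example that puts those three points into one concrete ruleset; it is not code posted by anyone in the thread. It assumes a three-legged Linux firewall with iptables, and the interface names (eth0 external, eth1 DMZ, eth2 trusted LAN), the RFC 1918 ranges and the web server address are all made up for the illustration. Run it as is and it only echoes the iptables commands; set APPLY=1 and run it as root to apply them.

```shell
#!/bin/sh
# Added example: three-legged Linux packet filter with a DMZ (iptables).
# Assumed layout (invented for this example, not from the thread):
#   eth0 = external interface, single ISP-assigned public address
#   eth1 = DMZ, 192.168.100.0/24, public web server at 192.168.100.10
#   eth2 = trusted LAN, 192.168.1.0/24
# Both inside networks use RFC 1918 space, so from the Internet they are
# reachable only through the explicit port forwarding (DNAT) rule below.
# Set APPLY=1 to execute the rules (needs root); otherwise they are echoed.

EXT=eth0; DMZ=eth1; LAN=eth2
DMZ_NET=192.168.100.0/24; LAN_NET=192.168.1.0/24; WEB=192.168.100.10

ipt() {
    if [ "${APPLY:-0}" = 1 ]; then iptables "$@"; else echo iptables "$@"; fi
}

dmz_rules() {
    # Clean slate, deny by default for anything not explicitly allowed.
    ipt -F; ipt -t nat -F
    ipt -P INPUT DROP; ipt -P FORWARD DROP; ipt -P OUTPUT ACCEPT

    # The firewall host itself: loopback, replies to its own connections,
    # and SSH only from the trusted LAN.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$LAN" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Forwarded traffic: return packets of connections already accepted.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Port forwarding: the single public service. Outside clients hit the
    # public address on tcp/80 and are translated to the DMZ web server.
    # Only that one port on that one host is opened, nothing else.
    ipt -t nat -A PREROUTING -i "$EXT" -p tcp --dport 80 \
        -j DNAT --to-destination "$WEB:80"
    ipt -A FORWARD -i "$EXT" -o "$DMZ" -d "$WEB" -p tcp --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT

    # Trusted LAN may open connections to the DMZ and to the Internet.
    ipt -A FORWARD -i "$LAN" -s "$LAN_NET" -j ACCEPT

    # The DMZ may reach the Internet (updates, DNS) but never the trusted
    # LAN: a compromised public server must not become a foothold inside.
    # The DROP comes before any ACCEPT for DMZ-originated traffic.
    ipt -A FORWARD -i "$DMZ" -o "$LAN" -j DROP
    ipt -A FORWARD -i "$DMZ" -s "$DMZ_NET" -o "$EXT" -j ACCEPT

    # Hide both private networks behind the single public address.
    ipt -t nat -A POSTROUTING -o "$EXT" -j MASQUERADE
}

dmz_rules
```

The ordering in the FORWARD chain is the whole point: the DMZ-to-LAN DROP sits above the DMZ-to-Internet ACCEPT, and the only rule that admits new connections from the outside names one host and one port. Putting ten more machines into the DMZ would expose none of them unless another DNAT/ACCEPT pair were added, which is exactly the "depends only on the ruleset" observation above.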