[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verizon DSL->WIFI Security

To: silug-discuss@silug.org
Subject: Re: Verizon DSL->WIFI Security
From: Casey Boone <caseyboone@gmail.com>
Date: Thu, 08 Dec 2005 11:23:33 -0600
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=bDTctDClF/8Zd3Jge8Hru3dc/VyGZb63rsY0/dY2UygKZoFfUaitl0RKHCDsglDJyO8uezWaDGsCrj9wp7C5dDAUHlt4FFSgmfvJvWmPruJ6kHdJuKK8CIBjC1Lj66952Q5ab8oB+0ZILSayJUwBDyCIjSo/Y//G5BMSK4yIqYA=
In-Reply-To: <1134062527.4915.22.camel@bert64.oviedo.smithconcepts.com>
Organization: Southern Illinois Linux Users Group
References: <4jmqt8$1odvj5f@mxip12a.cluster1.charter.net> <1134062527.4915.22.camel@bert64.oviedo.smithconcepts.com>
Reply-To: silug-discuss@silug.org
Sender: silug-discuss-owner@silug.org
User-Agent: Thunderbird 1.5 (Windows/20051025)

just as an fyi, most simple dsl/cable routers (including the ones handed
out by isps that double as cable modems/dsl modems) dont do dmz in this way.

yes normally one would want 3 "faces" to one's firewall, public
internet, dmz, and private lan, these routers dont do that.  for them
the dmz is a specific ip on the private lan "face" of the router.

i do agree with disabling the dmz option in the router unless you are
really willing to deal with the risks associated with a machine being
directly on the internet without any form of firewall protecting it

Casey Boone

Bryan J. Smith wrote:
> On Thu, 2005-12-08 at 10:50 -0600, William Underwood wrote:
>   
>> You do realize that DMZ stands for "Demilitarized zone", as in
>> "no security", right?
>>     
>
> Not exactly "no security" but a place _away_ from _both_ the LAN and the
> "raw" Internet.
>
>   
>> When you set up a DMZ, you're saying, "hey world, look as my
>> system(s) as if they were directly attached to the internet",
>> and possibly, "See if you can hack them!"....
>> Typically, you'd only set up a DMZ for a well secured system,
>> running it's own firewall,
>>     
>
> I assume you meant on it's own firewall _port_.  There's _nothing_ wrong
> with a DMZ on the same firewall, but it needs to be a _different_
> firewall port than your LAN.
>
>   
>> for a specific purpose, such as email/web/ftp/ssh/etc server.  For
>> most, you don't even need to do that, you just punch a hole in the
>> router to the system in question...
>> I strongly suggest that you disable the DMZ on your router...
>>     
>
> If it's going to your LAN, I agree -- use a firewall that has a
> different _port_ for the DMZ.
>
>
>   


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

References:
- Re: Verizon DSL->WIFI Security
  - From: William Underwood <wllmundrwd@charter.net>
- Re: Verizon DSL->WIFI Security
  - From: "Bryan J. Smith" <b.j.smith@ieee.org>

Prev by Date: Re: Verizon DSL->WIFI Security
Next by Date: Re: Verizon DSL->WIFI Security
Prev by thread: Re: Verizon DSL->WIFI Security
Next by thread: Linux Visio
Index(es):
- Date
- Thread