Re: Verizon DSL->WIFI Security

["Bryan J. Smith" <b.j.smith@ieee.org>]

On Thu, 2005-12-08 at 10:50 -0600, William Underwood wrote:
> You do realize that DMZ stands for "Demilitarized zone", as in
> "no security", right?

Not exactly "no security" but a place _away_ from _both_ the LAN and the
"raw" Internet.

> When you set up a DMZ, you're saying, "hey world, look as my
> system(s) as if they were directly attached to the internet",
> and possibly, "See if you can hack them!"....
> Typically, you'd only set up a DMZ for a well secured system,
> running it's own firewall,

I assume you meant on it's own firewall _port_.  There's _nothing_ wrong
with a DMZ on the same firewall, but it needs to be a _different_
firewall port than your LAN.

> for a specific purpose, such as email/web/ftp/ssh/etc server.  For
> most, you don't even need to do that, you just punch a hole in the
> router to the system in question...
> I strongly suggest that you disable the DMZ on your router...

If it's going to your LAN, I agree -- use a firewall that has a
different _port_ for the DMZ.


-- 
Bryan J. Smith   mailto:b.j.smith@ieee.org
http://thebs413.blogspot.com
------------------------------------------
Some things (or athletes) money can't buy.
For everything else there's "ManningCard."



-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.