[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verizon DSL->WIFI Security



just as an fyi, most simple dsl/cable routers (including the ones handed
out by isps that double as cable modems/dsl modems) dont do dmz in this way.

yes normally one would want 3 "faces" to one's firewall, public
internet, dmz, and private lan, these routers dont do that.  for them
the dmz is a specific ip on the private lan "face" of the router.

i do agree with disabling the dmz option in the router unless you are
really willing to deal with the risks associated with a machine being
directly on the internet without any form of firewall protecting it

Casey Boone

Bryan J. Smith wrote:
> On Thu, 2005-12-08 at 10:50 -0600, William Underwood wrote:
>   
>> You do realize that DMZ stands for "Demilitarized zone", as in
>> "no security", right?
>>     
>
> Not exactly "no security" but a place _away_ from _both_ the LAN and the
> "raw" Internet.
>
>   
>> When you set up a DMZ, you're saying, "hey world, look as my
>> system(s) as if they were directly attached to the internet",
>> and possibly, "See if you can hack them!"....
>> Typically, you'd only set up a DMZ for a well secured system,
>> running it's own firewall,
>>     
>
> I assume you meant on it's own firewall _port_.  There's _nothing_ wrong
> with a DMZ on the same firewall, but it needs to be a _different_
> firewall port than your LAN.
>
>   
>> for a specific purpose, such as email/web/ftp/ssh/etc server.  For
>> most, you don't even need to do that, you just punch a hole in the
>> router to the system in question...
>> I strongly suggest that you disable the DMZ on your router...
>>     
>
> If it's going to your LAN, I agree -- use a firewall that has a
> different _port_ for the DMZ.
>
>
>   


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.