[Wolves] RE: Same machine : 2 Nic's -- 1 DMZ 1 LAN

Stephen Murphy steve at stephenmurphy.org.uk
Sat Jan 8 14:20:25 GMT 2005


Dear Kevan
 
> Well to show my ignorance yet again.... could somebody please tell me
> what a DMZ is?  I know it stands for De Militarized Zone but that's
> all I know.  Oh, please give me an explanation in lay terms :-)))
 
As you correctly say, a DMZ is a De-Militarised Zone.  This is a network 
security term.  Basically it is a border network between the internet and 
your LAN. The DMZ is bounded by routers and firewalls on both sides.  I think 
the best way to explain it is with an example:

Let's say you have a company LAN (Local Area Network) with all your critical 
computers on it and a company web server that serves pages for public 
viewing.  Clearly, people on the LAN want access to the internet and people 
on the internet want access to the company web server.  However, you don't 
want people on the internet to access your LAN.  If you put the web server on 
the LAN, and someone hacked it they could then potentially access other 
computers on the LAN as they are all on the same network.  To try to prevent 
this, or at least make it more difficult, you would place the web server on 
its own network.  This network is the DMZ and sits between your LAN and the 
internet.  Access from the DMZ to the LAN and vice-versa is strictly 
controlled by routers and firewalls.  If they hack the web server now, they 
still have to get past the firewall and router between the DMZ and LAN to get 
to your computers on the LAN.

Hope this helps, feel free to shout if I've made it as clear as mud ;-)

Regards,

Steve

Enjoying Gentoo related fun and frolics as we speak...
-- 
Stephen Murphy - West Midlands, UK
steve at stephenmurphy.me.uk
http://www.stephenmurphy.me.uk
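
The layout described in the message above, as an added example that is not part of the original post: a small model of the zone rules that compares what a compromised web server can reach when it sits on the LAN and when it sits in the DMZ. The address ranges, hosts, ports and rules are all constructed assumptions.

```python
"""Added example: zone policy for a LAN / DMZ / internet layout.
All addresses, ports and rules are constructed for illustration."""
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")   # assumed LAN range
DMZ = ip_network("192.168.2.0/24")   # assumed DMZ range

def zone(addr):
    """Map an address to its zone; anything not LAN or DMZ is the internet."""
    ip = ip_address(addr)
    if ip in LAN:
        return "lan"
    if ip in DMZ:
        return "dmz"
    return "internet"

# (source zone, destination zone, allowed TCP ports, or None for any port).
# Only new connections are modelled; replies are assumed to be handled by
# stateful connection tracking. No rule matches dmz -> lan.
RULES = [
    ("internet", "dmz", {80, 443}),   # public web traffic to the web server
    ("lan", "dmz", {22, 80, 443}),    # staff browsing plus admin SSH
    ("lan", "internet", None),        # LAN users reach the internet
    ("dmz", "internet", {80, 443}),   # web server fetches its updates
]

def allowed(src, dst, port):
    """True if a new TCP connection from src to dst:port gets through."""
    s, d = zone(src), zone(dst)
    if s == d:
        # Same network: hosts talk directly, the firewall is not in the path.
        return True
    for rule_src, rule_dst, ports in RULES:
        if (rule_src, rule_dst) == (s, d) and (ports is None or port in ports):
            return True
    return False  # default deny

def reachable_from(web_server, targets):
    """Which (host, port) targets a compromised web server could connect to."""
    return [(h, p) for h, p in targets if allowed(web_server, h, p)]

LAN_TARGETS = [("192.168.1.20", 445), ("192.168.1.30", 22)]  # constructed hosts

if __name__ == "__main__":
    print("web server on LAN:", reachable_from("192.168.1.10", LAN_TARGETS))
    print("web server in DMZ:", reachable_from("192.168.2.10", LAN_TARGETS))
```

With the web server on the LAN no rule is ever consulted, because same-network traffic does not cross the firewall; in the DMZ every connection towards the LAN hits the default deny.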


