[Wolves] RE: Same machine : 2 Nic's -- 1 DMZ 1 LAN
Stephen Murphy
steve at stephenmurphy.org.uk
Sat Jan 8 14:20:25 GMT 2005
Dear Kevan

> Well to show my ignorance yet again.... could somebody please tell me
> what a DMZ is? I know it stands for De Militarized Zone but that's
> all I know. Oh, please give me an explanation in lay terms :-)))

As you correctly say, a DMZ is a De-Militarised Zone. This is a network
security term. Basically it is a border network between the internet and
your LAN. The DMZ is bounded by routers and firewalls on both sides. I think
the best way to explain it is with an example:

Let's say you have a company LAN (Local Area Network) with all your critical
computers on it and a company web server that serves pages for public
viewing. Clearly, people on the LAN want access to the internet and people
on the internet want access to the company web server. However, you don't
want people on the internet to access your LAN. If you put the web server on
the LAN, and someone hacked it, they could then potentially access other
computers on the LAN as they are all on the same network. To try to prevent
this, or at least make it more difficult, you would place the web server on
its own network. This network is the DMZ and sits between your LAN and the
internet. Access from the DMZ to the LAN and vice-versa is strictly
controlled by routers and firewalls. If they hack the web server now, they
still have to get past the firewall and router between the DMZ and LAN to get
to your computers on the LAN.

Hope this helps, feel free to shout if I've made it as clear as mud ;-)

Regards,
Steve

Enjoying Gentoo related fun and frolics as we speak...
--
Stephen Murphy - West Midlands, UK
steve at stephenmurphy.me.uk
http://www.stephenmurphy.me.uk
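
The web-server scenario in the message above, as an added example that is not part of the original post: a small default-deny policy model comparing the flat layout with the DMZ layout and listing which LAN hosts the web server could open connections to if it were taken over. All addresses, rule sets, the checked port and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

INTERNET = "internet"  # anything not inside a named zone
LAN_NET = ip_network("192.168.1.0/24")   # constructed addressing
DMZ_NET = ip_network("192.168.2.0/24")   # constructed addressing
LAN_HOSTS = ["192.168.1.20", "192.168.1.21"]  # constructed critical machines

def zone_of(addr, zones):
    """Name of the zone whose network contains addr, else 'internet'."""
    ip = ip_address(addr)
    return next((name for name, net in zones.items() if ip in net), INTERNET)

def can_connect(src, dst, port, zones, rules):
    """May src open a NEW connection to dst:port? Replies are assumed stateful."""
    src_zone, dst_zone = zone_of(src, zones), zone_of(dst, zones)
    if src_zone == dst_zone and src_zone != INTERNET:
        return True  # same network: the traffic never crosses the firewall
    # A rule is (source zone, destination zone or single host, port or None=any).
    return any(src_zone == r_src and r_dst in (dst_zone, dst)
               and r_port in (None, port)
               for r_src, r_dst, r_port in rules)  # no match means deny

# Layout 1: web server sits on the LAN, port 80 forwarded to it.
WEB_FLAT = "192.168.1.10"
ZONES_FLAT = {"lan": LAN_NET}
RULES_FLAT = [("lan", INTERNET, None), (INTERNET, WEB_FLAT, 80)]

# Layout 2: web server on its own network; no rule starts in the DMZ.
WEB_DMZ = "192.168.2.10"
ZONES_DMZ = {"lan": LAN_NET, "dmz": DMZ_NET}
RULES_DMZ = [("lan", INTERNET, None), ("lan", WEB_DMZ, 80),
             (INTERNET, WEB_DMZ, 80)]

def exposed_lan_hosts(web, zones, rules, port=22):
    """LAN hosts the web server could connect to on an internal port."""
    return [h for h in LAN_HOSTS if can_connect(web, h, port, zones, rules)]

if __name__ == "__main__":
    print("flat:", exposed_lan_hosts(WEB_FLAT, ZONES_FLAT, RULES_FLAT))
    print("dmz: ", exposed_lan_hosts(WEB_DMZ, ZONES_DMZ, RULES_DMZ))
```

In the flat layout the firewall rules never get a say, because the web server and the LAN hosts share a network; in the DMZ layout the same traffic has to match a rule, and none exists.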