What does "DMZ", which is between the inner & outer firewall, mean?

What does "DMZ", which is between the inner & outer firewall, mean?
she1 Asked:

stevenlewis Commented:
demilitarized zone
0
TannerMan Commented:
The DMZ is an area for you to place servers/machines that you need exposed to the internet and do not want to open up holes into your internal network for accessing them. Some people refer to the DMZ as the anything goes territory because, unless you properly restrict the DMZ machines, they are wide open to attack. In summary, a place to allow direct internet access to machines without having to get to your internal network.
0
she1 Author Commented:
so it is in between the inner & outer firewall, inside the inner firewall is the intranet which is your internal network, is it right?

militarized zone is fully exposed to the outside attack, is it right?

thanks
0
stevenlewis Commented:
>militarized zone is fully exposed to the outside attack, is it right?

the demilitarized zone is

>>so it is in between the inner & outer firewall, inside the inner firewall is the intranet which is your internal network, is it right?
No, it is outside your firewall
0
stevenlewis Commented:
did you check the link I provided, it explains it well
0
TannerMan Commented:
Well, the best way to look at it is this.

Internet
       ^
       |
FIREWALL --->DMZ network
       |
       V
Internal network


It is another network card on your firewall, but can visually be looked upon as setting out to the side. The firewall still is used to regulate the DMZ access.
The DMZ is somewhat fully exposed.  You can still control access, but it is MORE exposed than your private network by far.
It is just a way to get machines that MUST be accessed by internet to a place that will limit the exposure to your ENTIRE network.

Hope that helps.
0
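The three-legged layout in the diagram above, modelled as a first-match zone policy with default deny. This is an added example, not part of the original thread and not ISA or Checkpoint configuration; the subnets, ports and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing for the three-legged layout (assumption: these
# subnets are illustrative and do not come from the thread).
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz": ipaddress.ip_network("192.168.50.0/24"),
}

# First-match rule table: (src zone, dst zone, dst port or None for any, action).
RULES = [
    ("internet", "dmz", 443, "allow"),        # published web server
    ("internet", "dmz", 25, "allow"),         # published mail relay
    ("dmz", "internal", 1433, "allow"),       # web tier to one database port
    ("internal", "dmz", None, "allow"),       # admins manage DMZ hosts
    ("internal", "internet", None, "allow"),  # outbound browsing
]

def zone_of(addr):
    """Map an IP address to a zone; anything unlisted is the internet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def decide(src, dst, port, rules=RULES):
    """Return the action for a new connection; the default is deny."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return "allow"  # same segment: traffic never crosses the firewall
    for rs, rd, rport, action in rules:
        if (rs, rd) == (s, d) and rport in (None, port):
            return action
    return "deny"

def audit(rules=RULES):
    """Flag allow rules that defeat the purpose of having a DMZ."""
    findings = []
    for rs, rd, rport, action in rules:
        if action != "allow":
            continue
        if (rs, rd) == ("internet", "internal"):
            findings.append(f"internet reaches internal directly (port {rport})")
        if (rs, rd) == ("dmz", "internal") and rport is None:
            findings.append("dmz may open any port on internal")
    return findings
```

With this table a compromised DMZ host can reach only the single database port on the internal network, and nothing from the internet reaches the internal network at all.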
stevenlewis Commented:
>>The firewall still is used to regulate the DMZ access
I disagree with this
the firewall is bypassed in the DMZ
DMZ explained in layman's terms
http://computer.howstuffworks.com/firewall4.htm
0
stevenlewis Commented:
>>The firewall still is used to regulate the DMZ access
I disagree with this
Of course I'll read any documentation that proves me wrong (always trying to learn) :-)
0
TannerMan Commented:
Here you go
Trihomed DMZ
I have used this in ISA and Checkpoint Firewalls.
There are many, many different ways to set it up.

http://www.isaserver.org/tutorials/ISA_Server_DMZ_Scenarios.html
0
stevenlewis Commented:
Cool, but I think that is a different scenario than a router/gateway firewall dmz?
0
TannerMan Commented:
I am not going to debate here on she1's dime, but there was no mention of a router/gateway dmz in the posting. It was asked, however, about DMZ between Inner and Outer firewall which really, my example to she1 was not indicative of.
In the same article you'll see the same setup known as Back to Back Private DMZ. That would be a DMZ that sets between an inner and outer firewall.

You disagreed that the firewall can still be used to regulate DMZ access. Using Checkpoint and ISA I have done just that. Hope that helps clarify where I was coming from in my personal opinion/experience of DMZ configuration options.
0
stevenlewis Commented:
:-)
0

jabiii Commented:
basically and most simplistically.

A DMZ can either be an "extra" network off your FW or it can be a "safezone" for your internal network.

as an extra network it is just that you basically have 2 internal networks and 1 external. (yes each internal has 2 external networks)

as a safezone you can route traffic incoming/outgoing through your dmz to be scanned/snooped/pooped before passing to either the internal or external

everything coming from outside your network can either go to your dmz, through your dmz to your internal, or straight to your internal, (reverse for outgoing)

and ofc, as stevenlewis said: demilitarized zone
0