
Talk:DMZ (computing)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Telempe (talk | contribs) at 09:33, 4 July 2017 (Dual Firewalls and security through obscurity: reply). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject Computer Security: Computing (Start‑class, High‑importance)
This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Start-class on Wikipedia's content assessment scale.
This article has been rated as High-importance on the project's importance scale.
This article is supported by WikiProject Computing (assessed as Low-importance).
WikiProject Computing: Networking (Start‑class, Low‑importance)
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as Start-class on Wikipedia's content assessment scale.
This article has been rated as Low-importance on the project's importance scale.
This article is supported by Networking task force (assessed as Mid-importance).

Update

I have updated the article and removed the stub. If you have any comments, please let me know. Jasonlfunk 15:45, 11 October 2007 (UTC)

Illustrations

The picture does not show a proper DMZ. It should look like (in ascii art):

                                     |
[internet]----[Firewall/router]----- | ------[Firewall]-----[Internal network]
                                     |
                                   [DMZ]

What is shown here is a three-legged firewall concept.

Greg Rojas


I am confused as to the way a DMZ is laid out. The pictures are showing two different methods, which I understand are differences in topography. But how is the ASCII art depiction laid out with the actual machines? Is there a router between the firewalls? There should maybe be an illustration in the article or more detailed descriptions. 12:08 CDT, 02 June 2006

Software used to make them?

Unrelated query, but, anyone know what software was used to make the illustrations in this article? I doubt it was Visio. Thanks! —S3BST3R (talk) 22:49, 28 June 2011 (UTC)

The boundary between

The term DMZ has been used to describe the boundary between autonomous networks, likely predating the adoption of the term by firewall vendors.

Cjcoleman 20060121

It was used for computation purposes too. —Preceding unsigned comment added by 59.177.41.244 (talk) 09:50, 24 December 2010 (UTC)

Whether DMZ can be one of the NIC of the firewall

Is it possible to configure one of the network card IPs of the firewall (with 3 network cards) as the DMZ? One NIC to the internal network, one NIC to the external network.

Response to above

I believe that many people do this: configure the one Firewall to be the connection between DMZ and LAN and External. However, if the Firewall is breached from the outside then there is the potential to get to the LAN as easily as they get to the DMZ. It is a more secure solution to use 2 Firewalls.

82.211.102.231 10:09, 1 December 2006 (UTC) Helen
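
The single firewall with three network cards discussed in this thread, written out as an nftables ruleset (an added example, not part of the original discussion or the article). The interface names `wan0`, `dmz0` and `lan0` and the DMZ server address 192.0.2.10 are assumptions chosen for illustration. All three zone boundaries live in one `forward` chain on one host, which is the property the response above is concerned with.

```nftables
#!/usr/sbin/nft -f
# Added example: three-legged firewall (one host, three NICs).
# Assumed names: wan0 = external, dmz0 = DMZ, lan0 = internal network.
# Assumed DMZ server: 192.0.2.10 (documentation address), serving HTTP/HTTPS.

flush ruleset

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself.
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # Administer the firewall only from the internal network.
        iifname "lan0" tcp dport 22 accept
    }

    chain forward {
        # Traffic crossing from one zone to another; default is deny.
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        # Replies belonging to flows that were permitted below.
        ct state established,related accept

        # External -> DMZ: only the published services on the DMZ server.
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept

        # Internal -> DMZ and internal -> external.
        iifname "lan0" oifname { "dmz0", "wan0" } accept

        # DMZ -> external: only what the servers need (DNS, HTTPS updates).
        iifname "dmz0" oifname "wan0" udp dport 53 accept
        iifname "dmz0" oifname "wan0" tcp dport { 53, 443 } accept

        # Nothing above permits a new connection from wan0 or dmz0 into
        # lan0. Log and count those attempts before dropping them.
        oifname "lan0" log prefix "to-lan-denied: " counter drop
    }
}
```

In a dual-firewall layout the `wan0`/`dmz0` rules and the `dmz0`/`lan0` rules would sit on two separate devices instead of one chain.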

Article title wrong?

Everyone understands that the term "DMZ" in computing is short for "demilitarized zone", but no one in computing ever actually says "demilitarized zone" (except in answer to the question "what does DMZ stand for?"). And the article reflects this; the full term is never used again after the first sentence.

So I think the article should be renamed to "DMZ (computing)", and the first paragraph updated accordingly. Or maybe even renamed to just "DMZ", with a disambiguation link to "Demilitarized zone" (since, e.g., googling for "DMZ" turns up this article first and the military article second). —Preceding unsigned comment added by 24.99.22.247 (talk) 18:13, 30 May 2008 (UTC)

Done --h2g2bob (talk) 21:13, 28 October 2008 (UTC)

Article title wrong!

Better to call this a 'Data Management Zone'. —Preceding unsigned comment added by 194.110.215.6 (talk) 12:40, 10 March 2009 (UTC)

I'd like some source info on this. As a 13-year IT veteran, I and many other people I communicate with, who have just as much if not more IT experience, have NEVER heard of 'Data Management Zone' and would prefer this is removed. A DMZ in terms of computing does root from Demilitarized Zone and is best described as that or a Perimeter Network. My re-wording of that in the first sentence could be helped by someone more elegant in their writing skills. Thanks. Turnpike420 (talk) 18:42, 14 December 2009 (UTC)

Dual Firewalls and security through obscurity

The Dual Firewalls section mentions that using two firewalls is either "defense in depth" or "security through obscurity" as if they are opposite viewpoints. However, using two firewalls is not considered pejorative in this case (the security through obscurity Wikipedia entry specifically states it is a pejorative term). Its goal is not to simply hide the internal network by obscure means (the goal of a single or dual firewall with DMZ is to "obscure" the LAN from access by design), but would provide real extra protection in the case of a security hole being found in the first firewall that didn't exist in the one from a second vendor. Thus, it is defense in depth (if the first measure fails the second may stand), but does not rise to the level of security through obscurity because even if you told the world the brand of both firewalls in use (and even the configuration, assuming both are properly configured), a vulnerability in the first wouldn't necessarily allow access through the second. Davidszp (talk) 17:42, 5 April 2011 (UTC)

There is no documented case of the compromise of a correctly-configured firewall. The dual-skinned architecture began to be popular as a result of the discovery that a certain firewall vendor incorporated a backdoor into their platform, so any discussion of two brands of firewalls is based on a misconception. Gregmal (talk) 9:13, 6 May 2013 (UTC)

Industry advice is that there is no merit to having firewalls from two vendors and in fact the support overhead increases the risk of mis-configuration. See Gartner 'Debunking the Myth of the Single-Vendor Network' G00208758 from 17 November 2010. — Preceding unsigned comment added by 137.191.247.20 (talk) 15:17, 4 August 2015 (UTC)

Accidental misconfiguration is more likely to occur in one or more ways across the configuration interfaces of two different vendors, which now require competency for two (potentially very) different configurations. — Preceding unsigned comment added by 72.200.196.17 (talk) 22:08, 31 August 2015 (UTC)

Gartner G00208758 study actually finds that two vendors is beneficial: "Our findings show that most organizations should consider a dual-vendor or multivendor solution as a viable approach to building their network, as significant cost savings are achievable with no increase in network complexity, while improving the focus on meeting business requirements." Telempe (talk) 09:33, 4 July 2017 (UTC)