The DMZ in Korea itself isn't crawling with military. Either side of it is, ensuring that the definition of a demilitarized zone is observed and maintained.

Before the advent of DMZs in networking, a DMZ meant an area from which military forces, operations, and installations were prohibited. Essentially, it's a wide empty area that constitutes a border with forces on either side pointing guns into it.

I've always thought the adaptation of the acronym to the world of networking a bit strange.

"Oh! We got activity in our networked DMZ! Kill it!" :)

Cordially yours,
Jerry G. Young II
Product Engineer - Senior
Platform Engineering, Enterprise Hosting
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak
Sent: Sunday, January 14, 2007 7:08 PM
To: isapros@xxxxxxxxxxxxx
Subject: RE: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

That's what it means to me too. Can't see the Korean no man's land as qualifying as a DMZ when it's crawling with military.

In this conversation we have to take into consideration that CAS also includes the capability to provide access to folders and files right in OWA. This may be the thing that the Exchange team thinks throws a monkey wrench into the secure deployment of CAS in a DMZ.
________________________________
From: isapros-bounce@xxxxxxxxxxxxx on behalf of Jason Jones
Sent: Sat 1/13/2007 6:46 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

For me, DMZ means scary place completely untrusted, perimeter network means less scary place trusted to a degree, but strongly controlled

________________________________
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
Sent: 12 January 2007 23:51
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Interesting... Probably a good idea for us to actually articulate what we really mean when we say DMZ. I guess to some it means "free for all network" but for me, it should be the network where you have the most restrictive policies controlling each service so that it is obvious when malicious traffic hits the wire.

Thoughts?

t

On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:

That's what I thought, now it's what I know....

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Friday, January 12, 2007 6:35 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Aside from normal router & switch ACLs, ISA is the single line of defense.

"..we don't need no stinking DMZs"

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat
Sent: Friday, January 12, 2007 12:12 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks

Ahh...just had a thought. It's all labeling. Jason, and others (not Jason's fault), have been using the term DMZ. Historically, is the term DMZ not taken literally as being completely firewalled off from the trusted networks, and what Jason is talking about is trusted network segmentation.
I betcha that's why the Exchange team don't support it...they think it's a typical run of the mill DMZ...

Jim, isn't MS's Internal network segmented by using ISA?? Including your mail servers?

S