But that's the opposite of what the analogy means- the "free for all, combat rich, chaotic, uncontrollable" zone is NOT the DMZ. The "DMZ," where it refers to Korea, is a highly controlled, restricted area bound by the policy of the armistice. I would never put a honeypot in the DMZ, as no one would ever hit it- not in MY DMZ's anyway... The honeypot goes on the Internet segment or somewhere that everyone can hit it... The DMZ is where one should most closely monitor traffic or deploy intrusion detection...

Why have yet another term? If people can't understand what DMZ really is, then I doubt they will understand what PNS is...

t

On 1/12/07 4:09 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:

> Personally, I think it should mean what it says, and match the analogy that it
> is part of....
>
> Free for all...no restrictions, somewhere you would put a honey pot.....
>
> And use the proper term for it which would be is..... PNS..Protected Network
> Segment
>
> S
>
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Thor (Hammer of God)
> Sent: Friday, January 12, 2007 7:51 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Interesting... Probably a good idea for us to actually articulate what we
> really mean when we say DMZ.
>
> I guess to some it means "free for all network" but for me, it should be the
> network where you have the most restrictive policies controlling each service
> so that it is obvious when malicious traffic hits the wire. Thoughts?
>
> t
>
>
> On 1/12/07 3:30 PM, "Steve Moffat" <steve@xxxxxxxxxx> spoketh to all:
> That's what I thought, now it's what I know....
>
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Jim Harrison
> Sent: Friday, January 12, 2007 6:35 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Aside from normal router & switch ACLs, ISA is the single line of defense.
> "..we don't need no stinking DMZs"
>
>
> From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
> Behalf Of Steve Moffat
> Sent: Friday, January 12, 2007 12:12 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA, Exchange 2007 and Perimeter Networks
>
> Ahh...just had a thought.
>
> It's all labeling.
>
> Jason, and others (not Jason's fault), have been using the term DMZ.
>
> Historically, is the term DMZ not taken literally as being completely
> firewalled off from the trusted networks, and what Jason is talking about is
> trusted network segmentation.
>
> I betcha that's why the Exchange team don't support it...they think it's a
> typical run of the mill DMZ?
>
> Jim, isn't MS's Internal network segmented by using ISA?? Including your mail
> servers?
>
> S
> All mail to and from this domain is GFI-scanned.