
I have a question regarding the correct term and meaning of a DMZ network. We have in our company the following network stack:

  • Internal clients network 192.168.0.0/24 (we call it the company LAN)
  • Server network 10.10.0.0/16
  • Test LAN 192.168.234.0/24

Now the internal network is used for the coworkers' devices, and it's secured behind a firewall with outbound and inbound rules and restrictions.

The Test LAN is a network which we use to test and work with foreign devices (like plugging customers' devices in for updates and various tests); this network has less restrictive outbound rules on the firewall, like (TestLAN to any).

Now we are making some enhancements to our networking stack, and my colleague suggested that we must rename the TestLAN to DMZ.

I was against the idea, as my definition of a DMZ is a network separated from the usual LAN, used mostly to isolate servers before the firewall in order to grant free access from the internet to the services hosted on those servers in the DMZ, and not just a LAN without outbound restrictions, which is what our TestLAN is.

So what do you think about this, what would be the correct term for this Test LAN, and is it eligible to be defined as a DMZ?

  • @tyson that is an inaccurate description of the use and purpose of a DMZ. What you are referring to sounds like a “DMZ mode” on a basic consumer home router. This is in no way related to what an actual DMZ network is and you should research it more. A DMZ is in no way a “bad solution.” It’s actually pivotal to network segregation and security when trust boundaries need to be established and has nothing to do with “forwarding all ports.”
    Commented Mar 3, 2019 at 21:34
  • @Tyson, within the borders of my understanding, a DMZ is a state of network design rather than a network configuration, so I can't judge security when only saying "DMZed network". When I deal with firewalls such as pfSense/OPNsense, they define the DMZ zone the way we know it, and as Appleoddity stated above, the "loose definition" came from SOHO routers mostly defining the DMZ zone as an exposed host, i.e. traffic from outside is forwarded to a single host inside the internal network and not into a separate network, and that's not a real DMZ.
    – DonMcCoy
    Commented Mar 4, 2019 at 21:03
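To make the distinction concrete, here is a small zone-policy model, an added example that is not code from the question, the answer or any firewall product. It uses the subnets from the question; the DMZ subnet, the published port 443 and the exposed-host address are assumptions. It evaluates sample flows against the Test LAN policy described in the question, a classic DMZ policy, and the SOHO "exposed host" from the comments, showing that only the DMZ accepts unsolicited Internet traffic while being cut off from the trusted side.

```python
from ipaddress import ip_address, ip_network

# Zones from the question; the DMZ subnet is an assumed addition (TEST-NET-3 space).
ZONES = {
    "LAN": ip_network("192.168.0.0/24"),
    "SERVERS": ip_network("10.10.0.0/16"),
    "TESTLAN": ip_network("192.168.234.0/24"),
    "DMZ": ip_network("203.0.113.0/28"),
}

def zone_of(addr: str) -> str:
    """Name the zone an address belongs to; anything else is the Internet."""
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "INTERNET")

def allowed(rules, src: str, dst: str, port: int) -> bool:
    """First-match policy check; rules are (src_zone, dst_zone_or_host, port_or_None, allow).

    Unmatched flows are denied. Traffic that stays inside one segment never
    crosses the firewall, so it is always allowed.
    """
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True
    for rule_src, rule_dst, rule_port, verdict in rules:
        if rule_src == src_zone and rule_dst in (dst_zone, dst) and rule_port in (None, port):
            return verdict
    return False

# The question's Test LAN: relaxed outbound ("TestLAN to any"), nothing published inbound.
TESTLAN_RULES = [("TESTLAN", "INTERNET", None, True)]

# A classic DMZ: the Internet reaches the published service only, DMZ hosts may not
# initiate into the trusted side, and the LAN may manage DMZ hosts (port 443 assumed).
DMZ_RULES = [
    ("INTERNET", "DMZ", 443, True),
    ("DMZ", "LAN", None, False),
    ("DMZ", "SERVERS", None, False),
    ("DMZ", "INTERNET", None, True),
    ("LAN", "DMZ", None, True),
]

# The SOHO "exposed host" from the comments: every inbound port forwarded to one host
# that still sits inside the company LAN (address assumed).
EXPOSED_HOST = "192.168.0.50"
EXPOSED_HOST_RULES = [("INTERNET", EXPOSED_HOST, None, True)]
```

The exposed host keeps free lateral access to the rest of the LAN because no firewall sits between them, which is exactly what separates it from a real DMZ.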

1 Answer


Traditionally a DMZ houses everything that is not really part of either of two regions, yet (within reason) freely accessible to both. This analogy holds equally well for countries and LANs.

In my personal view, however, there can be no correct answer to this, as the term DMZ is being used by many people to cover a very broad range of possible configurations, from total openness and symmetry to very asymmetric configurations. What anyone expects from a DMZ is likely a strong matter of preference.

For this reason alone I would steer clear of using this term in the setup you describe.

  • I totally agree and see it the same way. As I also said, in higher-grade network devices DMZ means what I stated in my question; only home to small office routers define it as an exposed host, which is a different thing. Anyway, thanks for your contribution.
    – DonMcCoy
    Commented Mar 4, 2019 at 21:12
