Tuesday, 24 March 2009

The History of the DMZ

I forget where I picked this up; it was at a SANS presentation, but I am unable to remember which one.

The issue was the definition of a DMZ. It was stated that the term should refer to a demarcation zone (such as the one on the South/North Korean border).

It was also stated that a DMZ is not truly de-militarised.

I just wanted to note that this is mixing terminology. Although DMZ can refer to either a demarcation zone or a demilitarised zone, both are valid and separate terms; the first is illustrated by the Korean border already mentioned, which has little demilitarisation but extensive demarcation.

The second is the older definition, and it is the one incorrectly used in network circles.

Demilitarised zones are exactly that, and they have a history that predates the comparatively recent demarcation zone. The conditions imposed on Germany by the Treaty of Versailles after WW1 included a DMZ in the demilitarised sense.

The demilitarised Rhineland zone created after Germany's defeat in WW1 was German territory that the German military was forbidden to enter, which created a buffer for France. One of the preludes to WW2 was the German army's reoccupation of the Rhineland on 7 March 1936, in defiance of the treaty terms that had established the area's demilitarised status. This was a true demilitarised zone, and it shows what one is.

For network systems, a demarcation zone is a more accurate reflection of what a DMZ truly is, and there is a historical parallel for that sense as well: the interstitial zone between the trenches on the French and Belgian fronts with Germany in WW1 was a demarcation region, known as no-man's land.

I guess a little of the trouble we have with the term DMZ is that in networking and security we take a combination of demarcation and demilitarisation and interchange these as needed. The truth is that neither term is strictly correct in network use, although the early DMZs (say from 1984 to 1992) did fit the no-man's-land sense: they defined a sacrificial network segment that hosted a proxy device (this was before NAT) or other connection systems and acted as a buffer between the outside world and the internal network.
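As an added illustration of that buffer arrangement (example code written for this page, not the author's own or any vendor's configuration; the zone names, address ranges, proxy port and rule set are assumed), the following Python models a three-zone filter policy and checks the one property that makes the DMZ segment sacrificial: nothing sitting in it may open a connection inward.

```python
"""Three-zone (outside / DMZ / inside) packet-filter policy model.

Added example, not code from the original post. The address plan uses
documentation and private ranges and the rule set is assumed.
"""
from ipaddress import ip_address, ip_network

# Assumed address plan. Anything not in these two ranges is 'outside'.
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),    # sacrificial segment hosting the proxy
    "inside": ip_network("10.0.0.0/8"),   # private LAN, never directly reachable
}

PROXY_PORT = 3128  # assumed listening port of the DMZ proxy


def zone_of(addr):
    """Map an IP address to its zone name."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"


# A rule is (src_zone, dst_zone, dst_port or None for any port, action).
# First match wins; an implicit final rule denies everything else.
POLICY = [
    ("outside", "dmz", 25, "allow"),          # inbound mail relay on the DMZ host
    ("inside", "dmz", PROXY_PORT, "allow"),   # internal clients reach the proxy
    ("dmz", "outside", 80, "allow"),          # proxy fetches web content
    ("dmz", "outside", 443, "allow"),
    ("dmz", "outside", 25, "allow"),          # relay delivers outbound mail
    ("dmz", "inside", None, "deny"),          # explicit: the buffer never dials inward
]


def evaluate(policy, src, dst, dport):
    """Decide whether a new connection from src to dst:dport may be initiated."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, rule_port, action in policy:
        if rule_src == src_zone and rule_dst == dst_zone \
                and (rule_port is None or rule_port == dport):
            return action
    return "deny"


def audit_buffer_property(policy):
    """Return every rule that lets a non-inside zone initiate into 'inside'.

    An empty list means the DMZ really is a buffer: a compromised DMZ host
    (or an outside attacker) gets no inbound path from the filter itself.
    """
    return [
        rule for rule in policy
        if rule[1] == "inside" and rule[0] != "inside" and rule[3] == "allow"
    ]


if __name__ == "__main__":
    # Constructed sample flows: attacker on the Internet, the DMZ relay, a LAN client.
    samples = [
        ("203.0.113.5", "192.0.2.10", 25),     # Internet -> DMZ relay: allow
        ("203.0.113.5", "10.1.1.1", 22),       # Internet -> LAN: deny
        ("192.0.2.10", "10.1.1.1", 445),       # compromised DMZ host -> LAN: deny
        ("10.1.1.1", "192.0.2.10", PROXY_PORT),  # LAN client -> proxy: allow
    ]
    for src, dst, port in samples:
        print(f"{src:>13} -> {dst:<12} :{port:<5} {evaluate(POLICY, src, dst, port)}")
    print("buffer violations:", audit_buffer_property(POLICY))
```

The model only decides which side may initiate a connection; a real filter also tracks state so that replies to permitted flows get through. The audit function is the check worth rerunning whenever a rule is added, because a single DMZ-to-inside allow turns the buffer into a stepping stone rather than a sacrificial segment.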

How language changes...

Sunday, 22 March 2009

More in a few days

Now that Information Defense is up and running and showing a decent return on investment (and a positive NPV), I also plan on a second company.

The plan is to divide my time between 4 activities:

  1. Information Defense (Incident Handling and Forensics)
  2. New Company (Algorithmic Coding and security code reviews)
  3. Study and Academe
  4. Certification maintenance

I have given up on reducing certifications, but I have a plan to limit them. I am going to do the GSE (the last of the 3, of which I have 2) later this year, plus 2 other certifications. I also plan on writing 2-3 GIAC Gold papers a year. This sets my certification and hands-on technical training plan.

For more formalised study, I will be continuing the existing courses and following through on what I am doing. I will complete the MSysDev (an IT Masters degree in System Development) I have started next year. I will complete my Masters degree in Statistics when I FINALLY submit my dissertation in a few weeks. Once this is out of the way, I will start the PhD I planned (on the quantification of IS risk); I have already started some of the planning and experiments for this. Then, in about 20 months, I will do the CSU Masters degree in database design and development. The Masters degree in Digital Forensics I have been helping to develop is set to be launched at AusCert later this year with intake in 2010. So this is all ready.

As for Info Defense, we have sufficient clients to make it a profitable venture already. I have 2 partnerships, and everything is staffed to where it needs to be.

Finally, I have to think of a name for the new company. The idea is to write small, secure and fast mathematical code libraries and sell them.

Well, back to work.