CNN.com - Poets die younger than writers, study finds - Apr 22, 2004
Grok Headline matches for CNN.com - Poets die younger than writers, study finds - Apr 22, 2004
Poets die young - U.S. study (Reuters)
04/21/2004 10:35 PM
Reuters - Poets die young -- younger than novelists, playwrights and
other writers, a U.S. researcher says.

Study to Test Hormone Benefits in Younger Women
04/18/2004 06:59 PM
Reuters via Wired News Apr 18 2004 10:40PM GMT

Poets.org - The Academy of American Poets
04/06/2005 06:45 AM
http://www.poets.org/
Poets.org is one of the many programs sponsored by the Academy of
American Poets. The Academy was founded in 1934 to support American
poets at all stages of their careers and to foster the appreciation of
contemporary poetry. To fulfill this mission, the Academy administers
a wide variety of programs, including National Poetry Month (April),
the largest literary celebration in the world; the Online Poetry
Classroom, an online resource providing free poetry lesson plans for
high school teachers; the Poetry Audio Archive, a collection of nearly
500 recordings dating back to the 1960s; and Poets.org, our
award-winning website which provides a wealth of content on
contemporary American poetry and receives an average of 400,000 unique
users each month. This has been added to Reference Resources
Subject Tracer™ Information Blog.

One Ear is Not Like The Other, Study Finds
09/13/2004 01:03 AM

Liposuction Doesn't Help Health, Study Finds
06/17/2004 10:07 AM
Having fat removed by liposuction provides none of the protection from
heart disease and diabetes that would result from losing the same
amount of weight through diet and exercise.

DNA Study Finds Chihuahuas Aren't Dogs
05/28/2004 01:50 AM
“As part of an ambitious effort to identify genes that cause disease
in dogs and humans, scientists at the Fred Hutchinson Cancer Research
Center in Seattle analyzed DNA collected from 414 dogs representing 85
breeds, including some of the most popular. The findings have sent
reverberations through the ranks of dog fanciers, who primp and preen
their beloved companions for shows and take great pride in their
pedigrees…. Among other findings, the analysis determined that the
Chihuahua is actually a type of large rodent, selectively bred for
centuries to resemble a canine.” I’m waiting for the study on ferrets…
;-) Please read the disclaimer before quoting or complaining.
Thanks, Erin!

Pollution Alters DNA in Mice, Study Finds
05/17/2004 07:35 PM
Breathing soot from factories or highways may cause genetic damage
that can be passed to offspring.

Study finds omega-3 can ward off Alzheimer's
09/03/2004 08:25 AM
globetechnology.com Sep 3 2004 12:33PM GMT

Study Finds Paintball Injuries on Rise
01/05/2004 04:50 AM
Reuters via Wired News Jan 5 2004 3:33AM ET

UBS study finds offshoring not big hit to U.S. jobs market
09/17/2004 06:35 PM
SiliconValley.com Sep 17 2004 10:44PM GMT

Study finds too few women and minorities in tech
06/24/2005 03:24 PM
ZDNet Jun 23 2005 2:02AM GMT

Study finds no cancer-cellphone link
04/13/2005 06:48 AM
Electronic Times Apr 13 2005 10:53AM GMT

Collie or Pug? Study Finds the Genetic Code
05/21/2004 12:59 AM
Scientists say they have found genetic variations that allow them to
distinguish among 85 dog breeds and to identify an individual dog's
breed with 99 percent accuracy.

Study Finds Windows More Reliable than Linux
04/06/2005 11:56 AM
A Microsoft-sponsored study finds Windows Server 2003 is more reliable
and robust and allows IT administrators to execute various tasks more
quickly than those using Red Advanced Server 3.0 running on the same
hardware.

Study Finds MRIs Better on Breast Cancer (AP)
07/28/2004 08:02 PM
AP - In women at high risk of breast cancer, new research suggests MRI
scans find nearly twice as many tumors as mammograms do, but they cost
a lot and trigger more unneeded biopsies.

Study Finds Flaws in PSA Cancer Tests (AP)
05/26/2004 04:30 PM
AP - A disturbing new study has found that 15 percent of older men
with supposedly normal readings on the widely used PSA test have
prostate cancer anyway and some even have aggressive tumors.

Many Parents Unaware of Teen Sex, Study Finds
08/12/2004 12:55 PM
Reuters via Wired News Aug 12 2004 5:02PM GMT

Study Finds Seasons Affect Cholesterol (AP)
04/26/2004 05:31 PM
AP - Cholesterol levels tend to rise in the winter and fall in the
summer -- variations that in some cases could affect treatment
decisions, researchers say.

Liposuction Doesn't Offer Health Benefit, Study Finds
06/17/2004 12:15 AM
Having fat removed by liposuction provides none of the protection from
heart disease and diabetes that would result from losing the same
amount of weight through diet and exercise.

Farmed Salmon Have More Contaminants Than Wild Ones, Study Finds
01/09/2004 09:58 PM
A new study of fillets from 700 salmon, wild and farmed, finds that
the farmed fish consistently have more PCB's and other contaminants.

Study Finds Electronic Prescribing Records of Limited Use
04/16/2004 11:39 AM
Tracking patient prescriptions alone is of little use in enhancing
patient safety, according to a researcher at Chicago's Northwestern
Memorial Hospital. Further study will determine if electronic medical
records can make a dent in physician errors that lead to patient
deaths and injuries.

Cellphones take up driver attention, study finds (Reuters)
06/22/2005 02:36 AM
Reuters - Using a cellphone -- even with a
hands-free device -- may distract drivers because the brain
cannot handle both tasks, U.S. researchers said on Tuesday.

On Fox News, No Shortage of Opinion, Study Finds (washingtonpost.com)
03/17/2005 02:48 AM
Howard Kurtz watches the media watch itself .. opinions of the anchors
and journalists
washingtonpost.com/ac2/wp-dyn/A32631-2005Mar13?language=printer

Computer Use a Boost to Young Minds, Study Finds
06/07/2004 08:34 PM
Macon Area Online Jun 8 2004 0:31AM GMT

Pay Abuses Common for Day Laborers, Study Finds (washingtonpost.com)
06/24/2005 03:17 PM
washingtonpost.com - More than half of day laborers in the Washington
area have been cheated out of their wages and one in four has been
harmed on the job, according to a study being released today that
tries to sketch a portrait of the informal workers.

College Faculties A Most Liberal Lot, Study Finds (washingtonpost.com)
03/31/2005 06:59 AM
not only do college faculties lean to the left, they lean farther to
the left than most of us thought
washingtonpost.com/wp-dyn/articles/A8427-2005Mar28.html

Study Finds Equal Success in Treatments for Cancer
05/13/2004 12:33 AM
A decade-long study comparing conventional colon cancer surgery with
laparoscopic surgery found identical success rates.

Study finds gaps in digital divide theory
10/29/2003 12:31 PM
The digital divide is not just a problem in poor countries--it's also
widening in technologically advanced regions, says a study by a panel
of experts set up by chipmaker AMD.

Study Finds Benefit in Keeping Cholesterol Extra-Low
03/08/2004 11:12 PM
Lowering cholesterol beyond recommended levels can substantially
reduce heart patients' risk of heart attack, a study has found.

Study Finds Aspirin Might Cut Risk of Breast Cancer
05/25/2004 05:47 PM
Women who take aspirin regularly have a lower risk of breast cancer
than those who do not, researchers are reporting.

Study Finds Flaws in Prostate Cancer Test (AP)
05/27/2004 04:29 AM
AP - A new study shows that a test widely used to screen for prostate
cancer misses 15 percent of the tumors -- including some
aggressive ones -- in older men.

Mobile Phone Radiation Harms DNA, New Study Finds
12/22/2004 01:23 AM
Radio waves from mobile phones harm body cells and damage DNA in
laboratory conditions, according to a new study majority-funded by the
European Union, researchers said on Monday. The so-called Reflex
study, conducted by 12 research groups in seven European countries,
did not prove that mobile phones are a risk to health but concluded
that more research is needed to see if effects can also be found
outside a lab.

The $100 billion a year mobile phone industry asserts that there is no
conclusive evidence of harmful effects as a result of electromagnetic
radiation. About 650 million mobile phones are expected to be sold to
consumers this year, and over 1.5 billion people around the world use
one. The research project, which took four years and which was
coordinated by the German research group Verum, studied the effect of
radiation on human and animal cells in a laboratory.

News source: Reuters

Study Finds Pervasive Chinese Internet Controls
04/14/2005 09:46 PM
Reuters Apr 15 2005 1:31AM GMT

Size Matters When It Comes to Nostrils, Study Finds (Reuters)
09/15/2004 07:23 AM
Reuters - Large nostrils count more than a big
nose when it comes to smelling power, said German scientists
Wednesday after completing a three-year-long study aimed at
treating smelling disorders.

Iraq Study Finds Desire for Arms, but Not Capacity
09/16/2004 10:41 PM
A new report is expected to conclude that Iraq had a clear intent to
produce illicit weapons if U.N. sanctions were lifted.

Study finds Chinese Internet filters sophisticated
04/14/2005 09:47 PM
Pravda Apr 15 2005 1:08AM GMT

Jupiter Research Study Finds Overture Outscores Google
10/31/2003 08:20 AM
Media Post Oct 31 2003 8:01AM ET

Teenage T. Rex's Appetite Explains Its Bulk, Study Finds
08/12/2004 02:14 AM
Paleontologists now think Tyrannosaurus rex dinosaurs may have
experienced a teenage growth surge averaging 4.6 pounds a day over
four years.

U.S. online holiday spending rose 25 percent, study finds
01/04/2005 09:02 AM
Tempted by lower prices and a wide selection of goods, U.S. shoppers
clamored to the Web this holiday season, spending $23.2 billion, or 25
percent more than in the previous year, according to a survey released
this week.
Grok Description matches for CNN.com - Poets die younger than writers, study finds - Apr 22, 2004
GrokA matches for CNN.com - Poets die younger than writers, study finds - Apr 22, 2004
Rowing the Pond Again
06/08/2004 11:20 PM

Burningbird for Poets
01/04/2004 07:20 AM
TeledyN
teledyn.com/mt/archives/001594.html

Linux for poets
01/09/2004 09:58 PM
Valerie MacEwan is a fiction writer and poet who (her words) "...lives
on the edge of the Great Dismal Swamp in North Carolina." She's also a
Linux user and advocate. The following (lightly edited) IM transcript
tells how and why she started using Linux, and how and why she
believes other writers should start using Linux and open source
software.

a subculture from across the pond
04/20/2004 12:39 PM
British television presentation, past and present. For the lover of
Channel 5, DOGs, presenters, and mocking in all of us.

Be a Big Fish in a Small Pond
06/23/2004 10:49 AM
Source: iMedia Connection - In addition to big search engines,
marketers should consider small and specialty search sites....

Tech students can be poets too
08/15/2004 09:36 AM
Chicago Tribune Aug 15 2004 12:13PM GMT

Do Poets Die Young? (Reuters)
04/22/2004 09:16 AM
Reuters - Poets die young -- younger than
novelists, playwrights and other writers, a U.S. researcher
says.

Flexible Copyrights Hop the Pond
04/18/2005 04:53 AM
The BBC and other media groups unveil new Creative Commons-inspired
licenses that will allow the public to use footage from the archives
as raw material for new creative works. By Katie Dean.

Phishing in the Fund Pond
07/02/2004 10:00 AM
Online scammers begin to target mutual fund investors.

Pond and a Puck Are Enough for Hockey Purists
02/12/2004 08:04 AM
In the World Pond Hockey Championships in New Brunswick, Canada,
four-man teams compete outdoors in a sport that has almost no rules.

A Zen Pond Puts Wheels on Ideas
05/05/2004 09:28 PM
Meet the Personal Pond, a waist-high device that looks like the
offspring of a Weber grill and the Starship Enterprise.

Toddler dead after duck pond fall
08/21/2004 11:00 AM
A two-year-old boy dies after falling into a duck pond at a caravan
park in north Wales during a family holiday.

Korean poets deployed to "Tokto" (Reuters)
04/04/2005 10:17 AM
Reuters - Poets have read patriotic verses as a ferry rocks violently
offshore islands that South Korea and Japan both claim in a bitter
territorial dispute.

National Poetry Month - The Academy of American Poets
04/04/2005 04:23 AM
Happy National Poetry Month!
poets.org/npm

On EBay, E-Mail Phishers Find a Well-Stocked Pond
03/14/2005 06:16 PM
EBay’s domination of the online auction business and its heavy
dependence on e-mail communication make its users particularly
vulnerable to online scams.

Eldred Told Not To Hand Out Walden At Walden Pond
07/19/2004 04:54 PM
Eric Eldred (of Supreme Court fame) recently went to Walden Pond to
hand out free copies of David Thoreau's "Walden," which is very much
in the public domain these days. He was quickly told to stop because
he did not have a permit to hand out free books. The park supervisor
claims they told him to leave because handing out free books might
interfere with the business prospects of the "Shop at Walden Pond"
which sells copies of the book. The executive director of the Thoreau
Society, which runs the shop, didn't seem to mind, and the whole thing
is somewhat farcical given the nature of "Walden" anyway.

Poets make their central concerns evident---and not so evident
09/26/2004 09:16 AM
Chicago Tribune Sep 26 2004 12:19PM GMT

Building a Better Fry
05/18/2004 02:49 PM
Privately held Simplot offers fries without unsaturated fats.

Le Building
06/24/2005 04:49 PM
Le Building (quicktime) is a minute-and-a-half film that was used as
an opening for the 2005 Annecy International Animated Film Festival.
Made by students. Kids today. What can't they do? Making-of movie
here. via cartoonbrew

Building Yourself A DMZ
06/22/2004 04:24 AM
By Daniel R. Miessler
Eventually, if you get interested enough in information security
or start hosting services on your network, you are going to wonder
what a DMZ is and why you should or should not have one. DMZ is an
acronym that stands for demilitarized zone, and in the
‘real’ world it is the location between two hostile
entities such as North and South Korea. In the information security
community, however, it’s a separate, untrusted network
where any machines serving public services (web, email, gaming, etc)
should be placed. It’s a buffer zone between a completely unsafe
network (like the Internet) and a relatively trusted network (like
your private LAN). The primary purpose for this separation is so that
a compromise in your DMZ does not automatically result in a compromise
of your private network as well.
Design Considerations
I’ll be discussing two main ways to implement a DMZ. The
first is using three NICs in a single firewall machine as follows:
NIC1 for the WAN: Your gateway to the Internet; everything comes and
  goes through this NIC
NIC2 for the LAN: Behind this NIC is where you have all your private
  assets, i.e. file servers, domain controllers, questionable media
  collections, etc.
NIC3 for the DMZ: This is where you put any machine that you want to
  allow people on the Internet to connect to, i.e. web servers, ftp
  servers, mail servers, game servers, etc.
This is one method of creating a DMZ, but it is not the best way.
This configuration allows the security of both your DMZ and your LAN
to lie in one system. If your machine that has all three of those NICs
in it is compromised, so is your DMZ and your private network as well.
Basically, you are allowing the Internet to touch the very same
machine that determines how secure your internal LAN is, and this is
not ideal.
The better way to do this is with three completely separate
networks and two firewalls - one on the border of your WAN (which
handles your connection usually) - and one on the border of your
internal LAN. This design makes it so that two separate devices must
be compromised in order to get to your internal LAN, and as you will
see later - it’s not an easy thing to do.
Implementation
We’re going to proceed with the second and more secure
configuration which is often referred to as a ‘sandwich
DMZ’ due to the use of two firewalls (the servers in the DMZ are
the meat). Let’s say you have two firewall devices available to
you - a broadband router such as a Linksys, and a Linux-based firewall
like an Astaro or SmoothWall box. You start by placing your Linksys on
your border (right behind your modem), and connecting the LAN side of
that router to a hub or switch. To that hub or switch (your DMZ
hub/switch) you connect your bastion hosts/public server(s). These
machines run the services that you want people to be able to connect
to from the Internet. This may be a web site, an FTP server, a mail
server, or a multiplayer game box like WCIII or Counterstrike. You
want this machine to be hardened as much as possible, meaning that it
is completely patched, not running any unnecessary services, and is
tightened down as much as possible in terms of configuration.
Now, to that same hub (the DMZ hub) you are going to attach
another network cable that goes to the external interface of your
internal firewall (your Linux firewall). It is important to note that
you want your strongest firewall closest to your LAN; or, putting it
another way, you want your least powerful firewall on your border.
This may seem counterintuitive but it’s usually best. Basically,
you want the most powerful and most configurable firewall protecting
your LAN - not your DMZ. Then connect another cable from the internal
interface of your Linux box to another hub (your internal hub). All of
your LAN machines will connect to that.
If that was confusing, think of it this way:
Internet -> Modem
Modem -> Router
Router -> DMZ Hub
DMZ Hub -> Web/Mail/FTP/Game Servers
DMZ Hub -> Linux Firewall External NIC
Linux Firewall Internal NIC -> LAN Hub
LAN Hub -> LAN Systems
Benefits
Ok, so let’s take a look at the added security that is
offered by this setup. First off, at the border you have NAT
translation that passes only the ports that you need to in order for
people on the Internet to access the servers in your DMZ. Let’s
say, for example, that you’re running a web server, an FTP
server, and a game server for a game called Foo. On your border
router/firewall you pass ports 80, 21, and 10050 (the Foo server
port). All attempted connections to your external, WAN IP address that
aren’t on those ports drop dead at your router; only those three
ports are allowed through because of NAT. The nature of NAT as
implemented on most SOHO routers dictates that only two types of
traffic can pass from the outside of the router to the inside: return
traffic (traffic that’s part of a connection that originated
from the inside of the NAT device), and any incoming traffic to ports
that are defined as ‘passed’ in your NAT configuration.
All packets traversing the device are compared to a table inside the
device that is similar to a firewall policy, and if a given packet
doesn’t fall into one of the two categories above, it gets put
on the floor. This side effect of NAT, while not its original or main
goal, is a fairly powerful security feature, and it makes up our first
layer of defense on the border. Of course, if your device supports
packet filtering of any sort in addition to NAT then you can further
lock down your perimeter by using that functionality as well.
This first border layer, while being good, is just one layer of
the shielding offered by this configuration. The real beauty of this
setup lies in what happens if someone is able to compromise a machine
in your DMZ. Imagine that you have the setup I laid out above, but
unbeknownst to you there is a major, undiscovered vulnerability in
your Apache or IIS server. While you’re out and about thinking
all is well, someone launches the zero-day exploit at your box and
takes it over. Now what?
Now nothing. Your second and more powerful firewall (the one that
they are still outside of) - does not pass ANY traffic from the DMZ to
the LAN. In fact, you should have your internal firewall configured in
such a way that it won’t even reply at all to any DMZ machines -
no ICMP, no port scans, nothing. And now, rather than being able to
bounce around on your juicy internal LAN like they planned, they are
stuck in the middle of a completely untrusted, isolated network that
doesn’t have anything on it other than what you intended for
public viewing anyway.
This is a DMZ.
Even if they did know the IP of the internal firewall, it
wouldn’t even consider passing connection attempts from the DMZ.
This internal layer of protection is NAT’d just like your first
layer, only there are no ports being passed inside like from the
Internet to the DMZ. Due to the NAT table, and your lack of ports
being passed, your second firewall actually has no idea what to do
with packets that are designed to initiate new connections with it, so
it just drops them. The only traffic that is going to make it through
that firewall is traffic initiated from the inside, i.e. when you go
to /., it will allow the web content to come back to you so you can
view the page, but if someone tries to initiate a new connection to
you, they get dropped. Both NAT and stateful packet inspection (an
advanced firewall technology that’s built into modern Linux
firewalls) afford this protection to you - each in different ways.
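The two-layer policy described above, modelled as an added example (it is not code from the original article): each firewall lets in only return traffic and explicitly passed ports, and the internal one passes no ports. The IP addresses and the `NatFirewall` and `Packet` names are constructed for illustration; ports 80, 21 and 10050 come from the text, and port rewriting is left out to keep the model small.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    new: bool = False  # True when the packet tries to open a new connection

@dataclass
class NatFirewall:
    """NAT device that lets in only return traffic and explicitly passed ports."""
    outside_ip: str
    forwards: dict = field(default_factory=dict)  # outside port -> inside host
    flows: dict = field(default_factory=dict)     # (peer, peer port, local port) -> inside host

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: record the flow and rewrite the source address."""
        self.flows[(pkt.dst, pkt.dport, pkt.sport)] = pkt.src
        return Packet(self.outside_ip, pkt.sport, pkt.dst, pkt.dport, pkt.new)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: the translated packet, or None for a silent drop."""
        if pkt.dst != self.outside_ip:
            return None
        flow = (pkt.src, pkt.sport, pkt.dport)
        if not pkt.new and flow in self.flows:   # return traffic
            return Packet(pkt.src, pkt.sport, self.flows[flow], pkt.dport)
        if pkt.dport in self.forwards:           # port passed in the NAT config
            return Packet(pkt.src, pkt.sport, self.forwards[pkt.dport],
                          pkt.dport, pkt.new)
        return None                              # anything else goes on the floor

# Constructed addresses: documentation ranges outside, private ranges inside.
WAN_IP, INTERNET_HOST = "203.0.113.10", "198.51.100.7"
WEB, FTP, GAME = "192.168.1.10", "192.168.1.11", "192.168.1.12"  # DMZ servers
FW_DMZ_IP, LAN_PC = "192.168.1.254", "10.0.0.5"

def build():
    """Border router passes three ports to the DMZ; internal firewall passes none."""
    border = NatFirewall(WAN_IP, forwards={80: WEB, 21: FTP, 10050: GAME})
    internal = NatFirewall(FW_DMZ_IP)
    return border, internal

def from_internet(border, dport):
    """New connection from the Internet to the WAN address; returns the DMZ host hit."""
    pkt = border.inbound(Packet(INTERNET_HOST, 40000, WAN_IP, dport, new=True))
    return pkt.dst if pkt else None

def from_dmz_to_lan(internal, dport, new=True):
    """A compromised DMZ web server probing the internal firewall."""
    pkt = internal.inbound(Packet(WEB, 40001, FW_DMZ_IP, dport, new))
    return pkt.dst if pkt else None

def lan_browse(border, internal):
    """LAN PC fetches a page from the Internet; returns who receives the reply."""
    request = Packet(LAN_PC, 50000, INTERNET_HOST, 80, new=True)
    out = border.outbound(internal.outbound(request))
    reply = Packet(out.dst, out.dport, out.src, out.sport)
    mid = border.inbound(reply)
    back = internal.inbound(mid) if mid else None
    return back.dst if back else None

if __name__ == "__main__":
    border, internal = build()
    print("Internet -> WAN:80    ", from_internet(border, 80))
    print("Internet -> WAN:22    ", from_internet(border, 22))
    print("DMZ web  -> LAN fw:445", from_dmz_to_lan(internal, 445))
    print("LAN PC reply lands at ", lan_browse(border, internal))
```
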
Example Scenario
So, to sum it all up, imagine you have your network set up the way
we have talked about above, and someone with a zero-day exploit is
scanning around looking for web daemons to tear up and they find
yours. So, they connect to it, check the version you are running to
confirm that you’re vulnerable, and then scurry to fire up their
new exploit tool that someone else wrote. What they probably
don’t know is that they are actually connecting to a
‘non-routable’ IP in your DMZ. It has no
‘real’ IP address as far as the Internet is concerned, and
if you hadn’t passed that port on your router they
wouldn’t have seen anything at all with their scan.
But let’s say they do see your web daemon because you are
passing port 80 through to your web server, and it turns out
it’s vulnerable. They run their exploit and get complete control
of your box. This, of course, causes them tremendous joy, and they
hurry to tell all their buddies because they think they’re
starring in Hackers now. The thing is, they have little to celebrate.
All they have is a barebones server with nothing of value on it - no
vital info, no browsing history, no personal information, nothing.
In fact, all the attacker has access to is content that you wanted
the public to see in the first place! (which is also safely backed up,
of course).
They proceed to poke around in your DMZ only to find that there
isn’t anything there that they couldn’t have seen from the
other side of the planet with a web browser. The odds are that at this
point they’ll either load some trash onto your system in order
to use it as a server or an attack zombie, or they’ll just
deface and/or destroy it. Either way it doesn’t matter. The
moment you detect what has happened (see Snort, Tripwire, etc) you
simply pull the plug, reinstall the box, and restore the backup.
Within a few minutes you have a brand spanking new system ready to go
back online, and at no point during the process was your private LAN
in danger. This is the benefit of running a true DMZ.
Things To Keep In Mind
There are a couple of things worth mentioning about DMZs that
I’d like to cover. First of all, there are many SOHO appliances
on the market that advertise themselves as having a DMZ. Be wary of
these. Some do actually have a true DMZ interface that can be used in
the triple-homed configuration and combined with packet filtering, but
many just have a port that all traffic gets forwarded to when you
enable the ‘DMZ’. This is a horrible perversion of the
word, and it offers very little, if any, security. What that basically
does is pass all ports from the external interface to the box that you
connect to the DMZ port. If security is a priority, don’t do
that. This is nothing but another example of manufacturers catching
onto buzzwords and inserting them into their marketing. Rule of thumb:
it’s not a true DMZ interface unless the product gives you full
control of what gets passed back (via NAT) to machines connected to
it.
There is also some debate on whether to use hubs or switches for
connectivity within your DMZ and LAN, due to security concerns
associated with hubs. I used the word ‘hub’ in the
paragraphs above for the sake of simplicity, but it’s important
to consider the performance and security implications of using each.
On the security side, many people say not to use a hub because it
would be possible for someone with access to a compromised machine
(and the right tools) to run a sniffer and watch all of the traffic
going between the Internet and DMZ to the private LAN. This is
potentially a concern, but anyone who is going to sniff your internal
traffic in order to launch a sophisticated attack later is going to
know how to sniff across most switches as well. It is trivial enough
to do this that it’s arguably permissible to use a hub in the
DMZ if you have a good reason to. I do so in order to allow my IDS
machine in the DMZ to be able to see all traffic on that network.
Switches with mirror ports are still a bit too pricey (but I’m
watching eBay for 2950s).
Last but not least, a DMZ is not an impenetrable defense vs.
attacks. It’ll stop the vast majority of people that the average
person running services would come upon, but if a highly skilled
cracker wanted to spend a whole lot of time and effort, he/she could
still be successful. Nothing is worse for your security than thinking
you are completely secure.
For questions and/or feedback, I can be reached at
daniel@dmiessler.com.
‘cat knowledge | grep understanding’

Building a Better Office
06/22/2004 06:40 PM

"wrong building"
03/20/2003 08:32 AM

Building a better Bush
02/10/2004 06:47 AM
How an Andover-Yale preppy, scion of one of our nation's most powerful
families, was reinvented as a straight-shootin' Texan with "regular
guy" values. An excerpt from "Fraud: The Strategy Behind the Bush Lies
and Why the Media Didn't Tell You."

Photographing Every Building Everywhere
05/25/2004 08:49 PM
If you thought that Barbra Streisand got bent out of shape over
someone photographing her house from public airspace as part of an
effort to document the entire coastline, just imagine how lots of
people will feel about some random van, covered in digital cameras,
roaming through their neighborhood, snapping pictures of everything,
to create a giant photographic database of every building in the US,
connected via GPS location info to satellite photos for the view from
the sky. The idea is to then offer this database to insurance
companies and police to use in appraisals, investigations or...
well... to spy on what your property looks like, I guess. There have
been similar projects, though on a smaller scale. There was one such
project a few years ago where you could tour Manhattan in pictures.
Photographers had literally taken thousands of photos at street level
in Manhattan and connected them to let you take something of a virtual
tour of the city. In the meantime, the folks working on this
"photograph every building" project should team up with those
researchers in the UK who wanted to create a building recognition
system that would let you snap a photo of a building with your camera
phone, and have the phone immediately tell you where you are. Of
course, you could also see the technology being useful for services
like online mapping applications, where they could give you not only
turn by turn directions, but also photos of specific buildings or
landmarks where you should turn. Whether you think this is cool or
creepy (or possibly, both), it sounds like the company is still a long
way from actually bringing this to market.

Building Your Own LazyWeb
07/24/2004 06:17 PM
I should have got this off my to-do list ages ago, but anyway. I've
tidied up the complete code and instructions (not exactly long or
complicated I grant you) to the LazyWeb. Want a LazyWeb of your very
own? Have...

Building Blood
11/03/2003 05:29 AM
Boston Globe Nov 3 2003 5:03AM ET

Building Applications with POE
07/23/2004 06:32 PM
In Matt Cashner's second article on POE, he describes how to fit
together POE's components into event-driven applications.