Screened Host Architecture

This architecture consists of two host machines: a Screening Router and a Screening Host. Screening Router is placed between a local network and the Internet. Its purpose is to block all direct communication between two networks. Only traffic that is allowed to pass through is that coming from the host machine and destined for the Internet or coming from the Internet and destined for the host machine.

Screened Host is the only machine that can be accessed from the Internet and usually runs proxy applications for allowed services. Other hosts on the intranet must connect to proxy service on the host machine in order to use the Internet.This architecture is more flexible than Dual Homed Host architecture. In this setup if a proxy application does not exist for some secure service it can be allowed to pass through the screening router directly to the client on the local network .

 Advantages

•Provides better security and filtering rules are simple
•Provides transparent outbound access and restricted inbound access

 Disadvantages

•If proxy application does not exist for some service logins have to be provided to the local users to use that service or to abandon that service completely
•If both host machines are not configured properly to work together it may leave holes in the firewall that can be exploited by the attacker

Posted Date: 9/13/2012 5:48:48 AM | Location : United States

Ask an Expert

Related Discussions:- Firewall architectures-screened host architecture, Assignment Help, Ask Question on Firewall architectures-screened host architecture, Get Answer, Expert's Help, Firewall architectures-screened host architecture Discussions

Write discussion on Firewall architectures-screened host architecture
Your posts are moderated

Write your message here..

Related Questions

Defining error detection, Problem 1. Explain the term Switching. Descri... Problem 1. Explain the term Switching. Describe the following Switching Mechanisms a) Circuit Switching b) Packet Switching c) Message Switching Defining Switching

Ppp authentication chap pap secret, As the system administrator, you type "... As the system administrator, you type "ppp authentication chap pap secret". Name the authentication method is used first in setting up a session? Ans)  the authentication method

Layered architecture - computer network, Layered Architecture The best... Layered Architecture The best  way to  understand  any complex system is to break  it into  pieces  and then analyze what they  do and  how they interact. The most logical app

What is piggy backing, What is Piggy Backing? A process called piggybac... What is Piggy Backing? A process called piggybacking is used to get better the efficiency of the bidirectional protocols. When a frame is carrying data from A to B, it can also

E-NRZ, A modified NRZ code known as enhanced-NRZ (E-NRZ) operates on 7-bit ... A modified NRZ code known as enhanced-NRZ (E-NRZ) operates on 7-bit words; inverting bits 2,3,6 and 7; and adding one parity bit to each word. The parity bit is chosen to make the

Bens network, Bens Network  Ben's network is a non-blocking network. ... Bens Network  Ben's network is a non-blocking network.  It is a different  type of Clos network where initial and final stage consists of  2×2 switches (for n input  and m ou

Network devices and components, Why are packets important in a network? Why are packets important in a network?

Define v - 32 modem, Q. Define V - 32 modem? - ITU-T's V.32 standard w... Q. Define V - 32 modem? - ITU-T's V.32 standard was issued in 1989 for asynchronous and full-duplex operation at 9600 bps. - Even though designed for asynchronous DTEs two

Troubleshooting tcp/ip, I''m having trouble with understanding a diagram fo... I''m having trouble with understanding a diagram for my assignment

Binary addition, using binary adition, what is the result of 1010 + 10? Usi... using binary adition, what is the result of 1010 + 10? Using binary addition, how would you repeatedly increment a number by 2?