Screened Host Architecture

This architecture consists of two host machines: a Screening Router and a Screening Host. Screening Router is placed between a local network and the Internet. Its purpose is to block all direct communication between two networks. Only traffic that is allowed to pass through is that coming from the host machine and destined for the Internet or coming from the Internet and destined for the host machine.

Screened Host is the only machine that can be accessed from the Internet and usually runs proxy applications for allowed services. Other hosts on the intranet must connect to proxy service on the host machine in order to use the Internet.This architecture is more flexible than Dual Homed Host architecture. In this setup if a proxy application does not exist for some secure service it can be allowed to pass through the screening router directly to the client on the local network .

 Advantages

•Provides better security and filtering rules are simple
•Provides transparent outbound access and restricted inbound access

 Disadvantages

•If proxy application does not exist for some service logins have to be provided to the local users to use that service or to abandon that service completely
•If both host machines are not configured properly to work together it may leave holes in the firewall that can be exploited by the attacker

Posted Date: 9/13/2012 5:48:48 AM | Location : United States

Ask an Expert

Related Discussions:- Firewall architectures-screened host architecture, Assignment Help, Ask Question on Firewall architectures-screened host architecture, Get Answer, Expert's Help, Firewall architectures-screened host architecture Discussions

Write discussion on Firewall architectures-screened host architecture
Your posts are moderated

Write your message here..

Related Questions

Enumerate about the traffic policing, Enumerate about the Traffic policing ... Enumerate about the Traffic policing Traffic policing happens when a flow of data is regulated so that cells (or frames or packets) that exceed a performance level are discarde

Show the go-back- N - control variables, Q. Show the Go-back-N - Control Va... Q. Show the Go-back-N - Control Variables? - S- holds the series number of the recently sent frame - SF - holds sequence number of the first frame in the window - SL - ho

Describe how bgp does the decision process, Can you describe how BGP does t... Can you describe how BGP does the decision process?

Show ethernet media standard, Q. Show Ethernet Media standard? - The ca... Q. Show Ethernet Media standard? - The cables and connector specifications utilized to support Ethernet implementations are derived from the EIA/TIA (Electronic Industries Asso

Describe the wan and lan interface in routers, Can you define the WAN and L... Can you define the WAN and LAN Interface in Routers?

What are main types of networks and explain, a)  Peer-to-Peer Network Co... a)  Peer-to-Peer Network Computers can act as both servers sharing resources and as clients using the resources. b)  Server-based Network Give centralized control of netwo

What is traffic shaping, Normal 0 false false false EN-... Normal 0 false false false EN-IN X-NONE X-NONE MicrosoftInternetExplorer4

Prepare the network of spanning tree protocol -ccna, Prepare the Network  ... Prepare the Network  Step 1: Disable all ports by using the shutdown command. Ensure that the initial switch port states are inactive with the shutdown command. Use the inter

206.13.01.48/25, what range is this what range is this

Differentiate between ipv4 and ipv6, Question 1 Write short notes on Re... Question 1 Write short notes on Reserved IP addresses and Special use IP addresses 2 Explain about the packet switching mechanism based on Virtual Circuit 3 Explain about