Firewall architectures-screened subnet architecture, Computer Network Security

Screened Subnet Architecture


This setup provides an extra security layer to screened host architecture by creating a perimeter subnet which further isolates internal network from the Internet.In this architecture two screening routers and a single screening host is used. Both routers are connected to create the perimeter subnet also called Demilitarized Zone (DMZ). Screening host sits in this subnet between two routers. One router is facing the Internet and other is facing local network. Now to break into the internal network an attacker has to pass through both the routers. Even if it breaks through screening host it still has to pass through the internal router. The DMZ could also contain all information servers, modem pools and other systems that require careful controlled access.


Advantages


•    Provides maximum depth of defense
•    Local network can provide services to outside without compromising to inside
•    Much flexible than previous solutions


Disadvantages


•    Costly as compared to other architectures
•    Much complex and requires very careful configuration between guarding machines

Posted Date: 9/13/2012 5:52:57 AM | Location : United States







Related Discussions:- Firewall architectures-screened subnet architecture, Assignment Help, Ask Question on Firewall architectures-screened subnet architecture, Get Answer, Expert's Help, Firewall architectures-screened subnet architecture Discussions

Write discussion on Firewall architectures-screened subnet architecture
Your posts are moderated
Related Questions
IDS Deployment Overview The decision regarding control strategies, decisions about where to locate elements of intrusion detection systems is an art in itself. Planners should s

The "Big Red Rocks" (BRR) mining company is based and operates in Western Australia. They are primarily an iron ore miner, but they also produce electricity through tidal power to

In BUS topology every computer is directly connected to primary network cable in a single way. Bus networks are the easiest way to connect multiple users, but can have problems

Documenting the Results of Risk Assessment The goal of this process is to recognize the information assets, list them, and rank according to those most required protection. The

QUESTION (a) What do you understand by a VLAN? Provide one advantage of using a VLAN. (b) What is a trunk port in a VLAN? (c) A VLAN will be created using one or more

PARSING IPv6 HEADERS Base header is fixed in size i.e. 40 octets. NEXT HEADER field in the base header describe kind of header and it seems at end of fixed-size base header. S

Enterprise Information Security Policy (EISP) EISP also known as security policy directly supports the mission of the organization and sets the strategic direction, scope, and t

What do you understand by cryptanalysis? Discuss about the transposition ciphers substitution cipher, and onetime pads. The messages which are intended to transmit secretly and

Repeater known as regenerator ; it is an electronic machine that performs only at physical layer. It gets the signal in the network before it becomes loss or weak, recreates the

Question: (a) Describe fully with example the two access control methods available to implement database security. (b) Discuss why database statistics (meta data) provide es