Firewall architectures-screened subnet architecture, Computer Network Security

Screened Subnet Architecture


This setup provides an extra security layer to screened host architecture by creating a perimeter subnet which further isolates internal network from the Internet.In this architecture two screening routers and a single screening host is used. Both routers are connected to create the perimeter subnet also called Demilitarized Zone (DMZ). Screening host sits in this subnet between two routers. One router is facing the Internet and other is facing local network. Now to break into the internal network an attacker has to pass through both the routers. Even if it breaks through screening host it still has to pass through the internal router. The DMZ could also contain all information servers, modem pools and other systems that require careful controlled access.


Advantages


•    Provides maximum depth of defense
•    Local network can provide services to outside without compromising to inside
•    Much flexible than previous solutions


Disadvantages


•    Costly as compared to other architectures
•    Much complex and requires very careful configuration between guarding machines

Posted Date: 9/13/2012 5:52:57 AM | Location : United States







Related Discussions:- Firewall architectures-screened subnet architecture, Assignment Help, Ask Question on Firewall architectures-screened subnet architecture, Get Answer, Expert's Help, Firewall architectures-screened subnet architecture Discussions

Write discussion on Firewall architectures-screened subnet architecture
Your posts are moderated
Related Questions
ERROR REPORTING MECHANISM (ICMP) INTRODUCTION:  IP gives best-effort delivery. Delivery causes can be ignored; datagrams may be 'dropped on the ground'. Internet Control Me

Question: (a) Explain and illustrate with a drawing the three-layer feedforward multilayer perceptron neural network. (b) Summarize the standard backpropagation algorithm in

Q. Attacks on wireless network WSN are vulnerable to attacks which compromise the integrity of the WSN nodes by decreasing the nodes' fault tolerance capabilities, data distrib

Problem 1: List measurable entities on which the quality of service in a data communication network depends Problem 2: Show the features of a typical Network Management

Use the Chinese remainder theorem to evaluate x from the following simultaneous congruences: x ≡ 1 (mod 2); x ≡ 2 (mod 3); x ≡ 3 (mod 5). Calculate gcd(14526, 2568). (

Intercultural sensitivity: recognising differences You represent a Mauritian computer company which is negotiating to buy hardware from a manufacturer in Japan. In your first

Risk Control Strategies Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk: •    Apply safeguards wh

Explain how can we achieved privacy in an e-mail system.  The full form of PEM is Privacy Enhanced Mail: PEM  is  the  internet  Privacy  Enhanced  Mail  standard  adopted

Question (a) Estimate the average throughput between two hosts given that the RTT for a 100 bytes ICMP request-reply is 1 millisecond and that for a 1500 bytes is 2 millisecon

Network security is an issue for companies regardless of whether they participate in electronic commerce; however, since most organizations have a Web site that allows some interac