Firewall architectures-screened subnet architecture, Computer Network Security

Screened Subnet Architecture


This setup provides an extra security layer to screened host architecture by creating a perimeter subnet which further isolates internal network from the Internet.In this architecture two screening routers and a single screening host is used. Both routers are connected to create the perimeter subnet also called Demilitarized Zone (DMZ). Screening host sits in this subnet between two routers. One router is facing the Internet and other is facing local network. Now to break into the internal network an attacker has to pass through both the routers. Even if it breaks through screening host it still has to pass through the internal router. The DMZ could also contain all information servers, modem pools and other systems that require careful controlled access.


Advantages


•    Provides maximum depth of defense
•    Local network can provide services to outside without compromising to inside
•    Much flexible than previous solutions


Disadvantages


•    Costly as compared to other architectures
•    Much complex and requires very careful configuration between guarding machines

Posted Date: 9/13/2012 5:52:57 AM | Location : United States







Related Discussions:- Firewall architectures-screened subnet architecture, Assignment Help, Ask Question on Firewall architectures-screened subnet architecture, Get Answer, Expert's Help, Firewall architectures-screened subnet architecture Discussions

Write discussion on Firewall architectures-screened subnet architecture
Your posts are moderated
Related Questions
Risk Determination For purpose of relative risk assessment, risk equals probability of vulnerability occurrence TIMES value MINUS percentage risk already controlled PLUS an elem

PARSING IPv6 HEADERS Base header is fixed in size i.e. 40 octets. NEXT HEADER field in the base header describe kind of header and it seems at end of fixed-size base header. S

Question: (a) i. Explain what is meant by Discretionary Access Control and Mandatory Access Control ii. Which method would be the most effective to ensure that users do

Question: (a) What do you understand by the term "integrity"? (b) Which type of attack denies authorized users access to network resources? (c) You have discovered tha

Secure Socket Layer (SSL) accepts a combination of asymmetric and symmetric (public-key) encryption to accomplish integrity, confidentiality, authentication and non-repudiation for

Write a two to three (2-3) page paper in which you: Explain how the Web user interfaces help donors to make decisions. Relate the emotional thread demonstrated in the case study to

Q. Explain the random key distribution? The triple key management mechanisms ensure a better and complete security solution using the random key distribution mechanism. In this

Vulnerability Identification Specific avenues threat agents can exploit to attack an information asset are known as vulnerabilities. Examine how each threat can be generated and

The following message was enciphered with a Vigenère cipher. aikiaawgfspxeppvjabjnivulfznzvkrlidamsmyamlvskniyffdpbwtnxsvvbtnamvltsefoeycztkomylmerkwrs deusjgecmzkwvnreeyp

implementing password policy in organisation