CBK Telecommunications and Network Security
Written by Administrator   
Saturday, 11 July 2009 04:09

Firewall architecture

Bastion Host
The first and simplest option is the use of a bastion host. In this scenario, the firewall is placed between the Internet and the protected network and filters all traffic entering or leaving the network.
The bastion host topology is well suited for relatively simple networks that do not offer any public Internet services. The key factor to keep in mind is that it provides only a single security boundary.

DMZ

In computer networks, a DMZ is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from gaining direct access to the company intranet, and vice versa.
Screened Subnet
A screened subnet or "triple-homed firewall" is a network architecture that uses a single firewall with three network interfaces.

  • Interface 1 is the public interface and connects to the Internet.
  • Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.
  • Interface 3 connects to an intranet for access to and from internal networks.

Even if the firewall itself is compromised, access to the intranet should not be available, as long as the firewall has been properly configured.

Screened Host
The screened host architecture is a lower-security, lower-cost alternative to the screened subnet architecture. In this architecture there is no perimeter net, no interior router, and often no bastion host per se. There is a host that the outside world talks to, but this host is often not dedicated solely to that task. What you have instead is a single router and a services host that provides Internet services to internal and external clients.
The router is there to protect and control access to the internal net, and the services host is there to interact with the outside world, much like a bastion host. It is called a services host rather than a bastion host because it is often fulfilling many other roles.

Dual-homed firewall

Dual-homed host is the term for a type of firewall that uses two (or more) network interfaces. One interface connects to the internal network and the other to the Internet.

Honeypot
A honeypot is a computer placed in the DMZ in the hope of luring attackers to it instead of the actual production computers.

"The default action of any firewall should be to implicitly deny any packets, if not allowed explicitly."
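As an added example (not part of the original article), the following Python model ties the screened subnet's three interfaces to the default-deny rule quoted above: each interface is a zone, an explicit allow list describes the permitted flows, and anything not matched is denied. The zone address ranges, rules and sample flows are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# One zone per firewall interface. Ranges are constructed for this example;
# anything outside the DMZ or intranet ranges is treated as the Internet.
ZONES = {
    "dmz":      ip_network("192.0.2.0/24"),   # interface 2: hosted public services
    "intranet": ip_network("10.0.0.0/8"),     # interface 3: internal networks
}

def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses belong to 'internet'."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src: str            # source zone
    dst: str            # destination zone
    ports: frozenset    # allowed destination TCP ports; empty means any port

# Explicit allow list. Note there is no rule into "intranet" from either
# "internet" or "dmz": a compromised DMZ host gets no further than the DMZ.
ALLOW = [
    Rule("internet", "dmz", frozenset({80, 443})),       # public web services
    Rule("intranet", "dmz", frozenset()),                # staff administer DMZ hosts
    Rule("intranet", "internet", frozenset({80, 443})),  # outbound browsing
]

def decide(src_ip: str, dst_ip: str, dport: int) -> str:
    """Return 'allow' on the first matching rule, otherwise 'deny' (default deny)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in ALLOW:
        if rule.src == src and rule.dst == dst and (not rule.ports or dport in rule.ports):
            return "allow"
    return "deny"

if __name__ == "__main__":
    # Constructed sample flows: (source, destination, destination port)
    for flow in [("198.51.100.7", "192.0.2.10", 443),   # Internet -> DMZ web
                 ("198.51.100.7", "192.0.2.10", 22),    # Internet -> DMZ SSH
                 ("198.51.100.7", "10.1.2.3", 445),     # Internet -> intranet
                 ("192.0.2.10", "10.1.2.3", 22),        # DMZ -> intranet
                 ("10.1.2.3", "192.0.2.10", 22)]:       # intranet -> DMZ
        print(flow, "->", decide(*flow))
```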



Last Updated on Friday, 28 August 2009 05:02