Name firewall architectures?

Answer / allu subash mohan ganesh

Single firewall
A single firewall with at least 3 network interfaces can be
used to create a network architecture containing a DMZ. The
external network is formed from the ISP to the firewall on
the first network interface, the internal network is formed
from the second network interface, and the DMZ is formed
from the third network interface. The firewall becomes a
single point of failure for the network and must be able to
handle all of the traffic going to the DMZ as well as the
internal network. The zones are usually marked with colors -
for example, purple for LAN, green for DMZ, red for
Internet (with often another color used for wireless zones).



Dual firewalls
A more secure approach is to use two firewalls to create a
DMZ. The first firewall (also called the "front-end"
firewall) must be configured to allow traffic destined to
the DMZ only. The second firewall (also called "back-end"
firewall) allows only traffic from the DMZ to the internal
network. The first firewall handles a much larger amount of
traffic than the second firewall.

Some recommend that the two firewalls be provided by two
different vendors. If an attacker manages to break through
the first firewall, it will take more time to break through
the second one if it is made by a different vendor. (This
architecture is, of course, more costly.) The practice of
using different firewalls from different vendors is
sometimes described as either "defense in depth" or (from
an opposing viewpoint) "security through obscurity".



DMZ host
Some home routers refer to a DMZ host. A home router DMZ
host is a host on the internal network that has all ports
exposed, except those ports otherwise forwarded. By
definition this is not a true DMZ (Demilitarized Zone),
since it alone does not separate the host from the internal
network. That is, the DMZ host is able to connect to hosts
on the internal network, whereas hosts within a real DMZ
are prevented from connecting with the internal network by
a firewall that separates them, unless the firewall permits
the connection. A firewall may allow this if a host on the
internal network first requests a connection to the host
within the DMZ. The DMZ host provides none of the security
advantages that a subnet provides and is often used as an
easy method of forwarding all ports to another firewall /
NAT device.

Is This Answer Correct ?    5 Yes 0 No
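
The single-firewall (three-interface) layout described in the answer above, written as an nftables forward policy. This is an added example, not part of the original answers; the interface names (eth0, eth1, eth2), the published ports and the DMZ server address are assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: three-interface ("single firewall") DMZ on a Linux router.
# Assumed names, not from the page: eth0 = Internet, eth1 = LAN, eth2 = DMZ.
# 192.0.2.10 is a constructed (documentation-range) address for a DMZ web server.
# Input/output chains protecting the firewall itself are omitted here.

define WAN = "eth0"
define LAN = "eth1"
define DMZ = "eth2"
define DMZ_WEB = 192.0.2.10

table inet dmz_fw {
    chain forward {
        # Anything not explicitly allowed between zones is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were permitted by a rule below.
        # This is what lets a DMZ host answer a LAN client without ever
        # being allowed to open a connection into the LAN itself.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published service.
        iifname $WAN oifname $DMZ ip daddr $DMZ_WEB tcp dport { 80, 443 } accept

        # LAN -> DMZ and LAN -> Internet: internal clients may initiate.
        iifname $LAN oifname { $DMZ, $WAN } accept

        # DMZ -> Internet: name resolution and package updates only.
        iifname $DMZ oifname $WAN udp dport 53 accept
        iifname $DMZ oifname $WAN tcp dport { 53, 80, 443 } accept

        # DMZ -> LAN and Internet -> LAN: new connections are counted
        # (and logged for the DMZ case) and then dropped.
        iifname $DMZ oifname $LAN log prefix "dmz-to-lan " counter drop
        iifname $WAN oifname $LAN counter drop
    }
}
```

A home-router "DMZ host" has no equivalent of the `$DMZ` to `$LAN` drop rule, because the host sits on the LAN segment and its traffic to other internal hosts never crosses the firewall.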

Answer / asad aslam

Screening Router

Dual-homed Host

Screened Host

Screened Subnet

Internal Firewall

Personal Firewall

Is This Answer Correct ?    5 Yes 1 No

Answer / s.m.feroz ahmed

Hi,

A Firewall is a device and allows Interested Traffic into
different Networks. A Firewall is placed outside Network for
packet filtering and allowing Interested Traffic inside
Network and to stop attacks. A stateful packet filtering
firewall is also known as Deep Injection Firewall.

Firewall Architecture consists of outside, inside and DMZ
Network. Ethernet (E0) is always considered as Outside
Network by default and is recommended in Cisco ASA. E1 and
E2 are always considered as inside and DMZ network. Always
Outside Network will have Security-Level 0 and Inside
Network with Security-level 100 and DMZ as 50.

Is This Answer Correct ?    0 Yes 1 No

Answer / s.m.feroz ahmed

Hi,

The firewall architecture is defined as below :

Always E0 in firewall is configured for outside network and
E1 and E2 for inside network and DMZ (Demilitarised Zone).
For E0 the security-level is always by default 0 and for
inside network the security-level will be 100 and for DMZ one
can configure security-level.

Is This Answer Correct ?    0 Yes 1 No
