Interested to Buy Any Domain ? << Click Here >> for more details...
Answer Posted / allu subash mohan ganesh
Single firewall
A single firewall with at least 3 network interfaces can be
used to create a network architecture containing a DMZ. The
external network is formed from the ISP to the firewall on
the first network interface, the internal network is formed
from the second network interface, and the DMZ is formed
from the third network interface. The firewall becomes a
single point of failure for the network and must be able to
handle all of the traffic going to the DMZ as well as the
internal network. The zones are usually marked with colors -
for example, purple for LAN, green for DMZ, red for
Internet (with often another color used for wireless zones).
[edit] Dual firewalls
A more secure approach is to use two firewalls to create a
DMZ. The first firewall (also called the "front-end"
firewall) must be configured to allow traffic destined to
the DMZ only. The second firewall (also called "back-end"
firewall) allows only traffic from the DMZ to the internal
network. The first firewall handles a much larger amount of
traffic than the second firewall.
Some recommend that the two firewalls be provided by two
different vendors. If an attacker manages to break through
the first firewall, it will take more time to break through
the second one if it is made by a different vendor. (This
architecture is, of course, more costly.) The practice of
using different firewalls from different vendors is
sometimes described as either "defense in depth" or (from
an opposing viewpoint) "security through obscurity".
[edit] DMZ host
Some home routers refer to a DMZ host. A home router DMZ
host is a host on the internal network that has all ports
exposed, except those ports otherwise forwarded. By
definition this is not a true DMZ (Demilitarized Zone),
since it alone does not separate the host from the internal
network. That is, the DMZ host is able to connect to hosts
on the internal network, whereas hosts within a real DMZ
are prevented from connecting with the internal network by
a firewall that separates them, unless the firewall permits
the connection. A firewall may allow this if a host on the
internal network first requests a connection to the host
within the DMZ. The DMZ host provides none of the security
advantages that a subnet provides and is often used as an
easy method of forwarding all ports to another firewall /
NAT device.
| Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers
What is Cross Site Request Forgery and how to defend against it?
What is the role of single sign on in authentication technologies?
What is the difference between cybersecurity and information security?
What is an arp and how does it work?
What are the types fo ddos attacks?
Why should you care about the OSI Reference Model
What is difference between baseband and broadband transmission
What is secure remote access?
What is BSOD?
What are the main components of the CERT Taxonomy?
What is next-generation firewall (ngfw)?
How does traceroute work? Now how does traceroute make sure that the packet follows the same path that a previous (with ttl - 1) probe packet went in?
How to you keep yourself updated on network security ?
What is network security?
How does network security work?
