Interested to Buy Any Domain ? << Click Here >> for more details...
Answer Posted / allu subash mohan ganesh
Single firewall
A single firewall with at least 3 network interfaces can be
used to create a network architecture containing a DMZ. The
external network is formed from the ISP to the firewall on
the first network interface, the internal network is formed
from the second network interface, and the DMZ is formed
from the third network interface. The firewall becomes a
single point of failure for the network and must be able to
handle all of the traffic going to the DMZ as well as the
internal network. The zones are usually marked with colors -
for example, purple for LAN, green for DMZ, red for
Internet (with often another color used for wireless zones).
[edit] Dual firewalls
A more secure approach is to use two firewalls to create a
DMZ. The first firewall (also called the "front-end"
firewall) must be configured to allow traffic destined to
the DMZ only. The second firewall (also called "back-end"
firewall) allows only traffic from the DMZ to the internal
network. The first firewall handles a much larger amount of
traffic than the second firewall.
Some recommend that the two firewalls be provided by two
different vendors. If an attacker manages to break through
the first firewall, it will take more time to break through
the second one if it is made by a different vendor. (This
architecture is, of course, more costly.) The practice of
using different firewalls from different vendors is
sometimes described as either "defense in depth" or (from
an opposing viewpoint) "security through obscurity".
[edit] DMZ host
Some home routers refer to a DMZ host. A home router DMZ
host is a host on the internal network that has all ports
exposed, except those ports otherwise forwarded. By
definition this is not a true DMZ (Demilitarized Zone),
since it alone does not separate the host from the internal
network. That is, the DMZ host is able to connect to hosts
on the internal network, whereas hosts within a real DMZ
are prevented from connecting with the internal network by
a firewall that separates them, unless the firewall permits
the connection. A firewall may allow this if a host on the
internal network first requests a connection to the host
within the DMZ. The DMZ host provides none of the security
advantages that a subnet provides and is often used as an
easy method of forwarding all ports to another firewall /
NAT device.
| Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers
What type of network do you use at home?
explain what is meant by port blocking within lan?
What are the types of LAN cables used? What is a cross cable?
How does a virtual private network (vpn) work?
who is a hacker?
Different Bitwin ADSL & DSL ROUTER? How To Configure
How do we do authentication with message digest(md5)?
Explain what are digital signatures and smart cards?
What is adware?
What are the benefits of the firewall?
What are the main components of the CERT Taxonomy?
Explain what are all the technical steps involved when the data transmission from server via router?
What is subnet
How to you keep yourself updated on network security ?
What are the different type of networking / internetworking devices
