The Illustrated Network - P75
CHAPTER 28 Firewalls 709

Figure . A firewall with bastion host between router and firewall, and therefore untrusted.

The DMZ concept has the ability to offer multiple types of protection, all in a flexible, scalable, and robust package. DMZs can be designed with failover capabilities as well. DMZs can be constructed with one or two firewalls, and two are better for security purposes. With one firewall, the bastion host is reached only through the firewall itself, usually on a separate interface. The firewall can screen outside traffic (a screened subnet), perhaps allowing only access to port 80 for a Web server. Nothing is allowed in, of course, except in reply to an internal query, and even that is typically allowed only from specific hosts or on certain ports. This arrangement is shown in Figure .

The dual-firewall DMZ is the most sophisticated arrangement. There are both inner and outer firewalls, and the LAN between them is a true DMZ. Multiple servers, such as an anonymous FTP download server and a public Web server, can be protected in many ways. These devices can still be bastion hosts, but the protection on the DMZ servers themselves can be minimal because they all have the full protection of a firewall in whatever direction the traffic comes from or goes to.

Figure . Firewall with bastion host and DMZ. Note the bastion host relation to the firewall. (Figure labels: Internet or untrusted network; Protected Resources; Bastion host, untrusted, on screened subnet.)

The dual-firewall DMZ is shown in Figure . The characteristics of these four basic firewall positions are compared in Table .

Figure . Dual firewalls with DMZ, showing how the bastion host is positioned on the DMZ. (Figure labels: Inner and Outer Firewalls; Bastion host, untrusted, on DMZ.)

Table . Advantages and Disadvantages of the Basic Firewall Designs

Type              Advantages                                    Disadvantages                            Good for
Single firewall   Inexpensive; easy to configure and maintain   Low security level; difficult to scale   Home or small …
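The screened-subnet policy described above (only the bastion's published port reachable from outside, nothing unsolicited into the protected LAN, replies to internal queries let back in) and the inner/outer split of the dual-firewall DMZ can be modelled as a small stateful zone filter. The following is an added example, not code from The Illustrated Network; the zone names, address ranges, port sets and sample packets are constructed assumptions for illustration.

```python
"""Toy model of the screened-subnet and dual-firewall DMZ policies described
in the chapter.  Added example, not code from The Illustrated Network; the
zone names, address ranges and port lists below are constructed assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption): the protected LAN and the DMZ
# (screened subnet) where bastion hosts such as the public Web server live.
ZONES = {
    "lan": ip_network("10.0.0.0/24"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything outside LAN/DMZ is the untrusted Internet."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000


# Zone policy as (from_zone, to_zone, permitted destination ports; None = any).
# Outer firewall: the Internet may reach only the bastion's published service
# (port 80 for a Web server, as in the text).  Inner firewall: the LAN may
# initiate outward and into the DMZ, but nothing in the DMZ or on the
# Internet may initiate a connection into the LAN.
RULES = [
    ("internet", "dmz", {80}),
    ("lan", "internet", None),
    ("lan", "dmz", None),
]


class Firewall:
    """Stateful zone filter: unsolicited traffic is judged by RULES; replies
    to a flow the firewall already permitted are let back in."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, sport, dst, dport) of permitted flows

    def allow(self, pkt: Packet) -> bool:
        # A reply to an internal query matches a tracked flow in reverse.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True
        src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
        for from_zone, to_zone, ports in self.rules:
            if (from_zone, to_zone) == (src_zone, dst_zone) and (
                ports is None or pkt.dport in ports
            ):
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return True
        return False  # default deny


def demo() -> dict:
    """Run constructed packets through the policy and return the decisions."""
    fw = Firewall(RULES)
    return {
        "internet->bastion:80": fw.allow(Packet("203.0.113.5", "192.0.2.10", 80)),
        "internet->bastion:22": fw.allow(Packet("203.0.113.5", "192.0.2.10", 22)),
        "internet->lan:80": fw.allow(Packet("203.0.113.5", "10.0.0.7", 80)),
        "unsolicited reply->lan": fw.allow(Packet("198.51.100.1", "10.0.0.7", 40000, sport=53)),
        "lan->internet dns": fw.allow(Packet("10.0.0.7", "198.51.100.1", 53, sport=40000)),
        "dns reply->lan": fw.allow(Packet("198.51.100.1", "10.0.0.7", 40000, sport=53)),
        "dmz->lan:445": fw.allow(Packet("192.0.2.10", "10.0.0.7", 445)),
    }


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:28s} {'ALLOW' if decision else 'DENY'}")
```

The two points the model makes explicit are that a reply packet is only accepted when it matches a flow the protected side opened first (the "except in reply to an internal query" clause), and that a compromised bastion in the DMZ still cannot initiate into the LAN because no DMZ-to-LAN rule exists on the inner side. A real deployment would additionally restrict which internal hosts may open outbound flows and on which ports, as the text notes.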