Title | Describe single bastion hosts, screened host firewall & screened subnet firewalls |
---|---|
Author | John Owens |
Course | Fundamentals of Information Security |
Institution | Tarrant County College |
What is a single bastion, screen host, and screen subnet firewalls...
John Owens
INSY 1300-11579
Mrs. Ghaedi

Describe single bastion hosts, screened host firewall & screened subnet firewalls

There are two types of screened host: one is a single-homed bastion host and the other is a dual-homed bastion host. In the case of a single-homed bastion host, the firewall system consists of a packet filtering router and a bastion host. The bastion host is basically a single computer with a high-security configuration, which has the following characteristics: internet traffic can only reach the bastion host and is blocked from reaching the internal network, and the internet traffic having IP addresses can only go to the internet; no traffic from the internal network can go to the internet.

The main problem with the single-homed bastion host is that if the packet filtering router gets compromised, the whole network will come crashing down. A dual-homed bastion host has two network cards, one used for the internal connection and the other used for the router connection. This is safer because if the router gets compromised, the internal network will remain intact.

Screened subnet firewalls are one of the most secure firewall configurations. In this configuration there are two packet filtering routers, and the bastion host is positioned in between the two routers. In most cases, both the internet and the internal users have access to both subnets. The purpose of the screened subnet firewall is to isolate the DMZ and its publicly accessible resources from the internet, thereby focusing on the external attention. Using this firewall, it is more difficult to attack the internet itself. With the correct configurations and using a private IP address, attacks become almost nonexistent using the screened subnet firewall configuration....
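The comparison above can be checked with a small reachability model. This is an added example, not part of the original essay: the segment and host names are constructed, and it assumes that an intact router admits inbound packets only for the bastion host and that the bastion host never forwards packets between its interfaces.

```python
# Constructed topologies: segment and host names are illustrative assumptions.
# routers: name -> (outside segment, inside segment); hosts: name -> attached segments
DESIGNS = {
    "single-homed": (
        {"router": ("internet", "lan")},
        {"bastion": {"lan"}, "workstation": {"lan"}, "fileserver": {"lan"}},
    ),
    "dual-homed": (
        {"router": ("internet", "outer")},
        {"bastion": {"outer", "lan"}, "workstation": {"lan"}, "fileserver": {"lan"}},
    ),
    "screened-subnet": (
        {"outer_router": ("internet", "dmz"), "inner_router": ("dmz", "lan")},
        {"bastion": {"dmz"}, "workstation": {"lan"}, "fileserver": {"lan"}},
    ),
}


def exposed_hosts(design, compromised=frozenset()):
    """Return the hosts that a packet sent from the internet can be delivered to.

    An intact router passes inbound packets only when they are addressed to the
    bastion host; a compromised router passes everything. The bastion host is
    assumed never to forward packets between its interfaces.
    """
    routers, hosts = DESIGNS[design]
    open_segs, filtered_segs = {"internet"}, set()
    changed = True
    while changed:  # propagate reachability until no router adds a new segment
        changed = False
        for name, (outside, inside) in routers.items():
            if outside not in open_segs:
                continue  # unfiltered traffic never arrives at this router
            target = open_segs if name in compromised else filtered_segs
            if inside not in target:
                target.add(inside)
                changed = True
    return {
        host
        for host, segs in hosts.items()
        if segs & open_segs or (host == "bastion" and segs & filtered_segs)
    }


if __name__ == "__main__":
    for design, (routers, _) in DESIGNS.items():
        first_router = next(iter(routers))
        print(design, "intact:", sorted(exposed_hosts(design)))
        print(design, first_router, "compromised:",
              sorted(exposed_hosts(design, {first_router})))
```

In this model a single compromised router exposes every internal host only in the single-homed design; the screened subnet exposes the internal hosts only when both routers are compromised.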