- Packet Filtering Routers
- Position: Sits between trusted and untrusted networks, sometimes used as a boundary router.
- Function: Uses Access Control Lists (ACLs) to protect against standard external attacks.
- Limitations: No user authentication and minimal auditing capabilities.
- Screened-Host Firewall System
- Components: Combines a packet-filter router with a bastion host.
- Function: Provides protection at both the network layer (packet filtering) and the application layer (proxy server).
- Dual-Homed Host Firewall
- Structure: Consists of a host with two Network Interface Cards (NICs), one connected to a trusted network and the other to an untrusted network.
- Function: Acts as a translator between two network types, such as Ethernet and Token Ring.
- Security Measure: Internal routing capabilities must be disabled to prevent circumvention of data inspection.
- Screened-Subnet Firewalls
- Function: Establishes a De-Militarized Zone (DMZ), a small network situated between trusted and untrusted networks.
- Purpose: Provides an additional layer of security by isolating the DMZ from the internal network.
- Socks Firewall
- Implementation: Requires installing Socks software on every workstation.
- Function: Helps reduce overhead by managing communication between clients and servers through a proxy server.
- Tiers
- Design: Separates distinct protected zones within a network.
- Protection: Can be managed by a single firewall with multiple interfaces to secure different zones.
This architecture demonstrates the diverse strategies available to protect networks, each offering varying degrees of security, flexibility, and complexity based on organizational needs.