The perimeter router is typically a standard
router providing a serial connection to the outside world and a LAN
connection to the internal network. The perimeter router should provide
any filtering of outside traffic needed to implement basic security for the
dirty DMZ and preliminary filtering for the inside network. This device
could be running the firewall feature set for additional security
options.
Because the perimeter router is often connected to a slower WAN
interface on one side and doesn't normally provide routing functions
for internal networks, the LAN interface speed isn't as critical as
making sure adequate memory and features exist to handle the outside
connection.
The internal
router provides a mitigation function for the network: if the
trusted inside network has been compromised, it prevents the
attacks from spreading to the DMZ side. On top of that, the router also provides better
routing options, thus improving the performance of the network.
A firewall is a device or set of devices designed to permit or
deny network transmissions based on a set of rules and is frequently
used to protect networks from unauthorized access while permitting
legitimate communications to pass.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers
that pass data between networks contain firewall components and,
conversely, many firewalls can perform basic routing functions.
There are different types of firewalls depending on where the
communication is taking place, where the communication is intercepted
and the state that is being tracked.
- Application-layer - Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).
- Network layer - Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules, or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
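As an added example (not from the original post), here is a small stateless packet filter of the kind a perimeter router runs: rules are evaluated top to bottom, the first match wins, and a packet matching no rule is dropped. The three zones (outside, dirty DMZ, inside) and the address ranges and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed zone addressing for this example (documentation ranges).
OUTSIDE = ipaddress.ip_network("0.0.0.0/0")    # everything, including the other zones
DMZ = ipaddress.ip_network("192.0.2.0/24")     # "dirty" DMZ hosting public services
INSIDE = ipaddress.ip_network("10.0.0.0/8")    # trusted internal network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port (0 for protocols without ports)

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None     # None matches every port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

# Ordered rule set for the perimeter router. The first rule is the
# preliminary filtering for the inside network: nothing that arrives from
# outside (or from the DMZ) may be delivered directly into the trusted zone.
PERIMETER_RULES = [
    Rule("deny", OUTSIDE, INSIDE),
    Rule("permit", OUTSIDE, DMZ, "tcp", 80),     # public web service in the DMZ
    Rule("permit", OUTSIDE, DMZ, "tcp", 443),
    Rule("permit", INSIDE, OUTSIDE, "tcp"),      # inside hosts may initiate outbound TCP
    Rule("permit", DMZ, OUTSIDE, "udp", 53),     # DMZ hosts may do DNS lookups
]

def filter_packet(rules: List[Rule], p: Packet) -> str:
    """Return 'permit' or 'deny' for one packet; first match wins,
    and a packet that matches no rule is denied (default deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"
```

Because the filter is stateless, the reply traffic for a permitted outbound connection would also need an explicit rule; a stateful firewall is what removes that need by tracking connection state.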