  • Research on firewall technology and its application in computer network security strategy Peihong Wang




    Date: 28.01.2024

    3.3. Firewall architecture 
    The architecture of a firewall refers to the physical location of the firewall in the network and its relationship with other devices in the network. A firewall achieves its best security performance only when its topology is chosen and configured reasonably. The four common firewall architectures are as follows.
    3.3.1. Dual-homed architecture 
    In this architecture, the firewall is a host system configured with two network ports: one port is connected to the internal network and the other is connected to the external network, and the host uses control policies to decide whether packets can pass between the two networks. Because the dual-homed host is the transmission channel for communication between the two networks, it may become a bottleneck when the network communication volume is large, so a host with good performance should be selected. The structure is shown in Figure 2.
    Figure 2. Schematic diagram of dual-homed host structure
    3.3.2. Single-segment firewall architecture with a shielded router
    This architecture consists of a shielded router and a bastion host. The bastion host has only one NIC, which is connected to the internal network, and it is the only site accessible from the external network. The shielded router ensures that all incoming information is sent to the bastion host first, and it accepts outgoing information only from the bastion host. All hosts on the internal network can likewise access only the bastion host, so the bastion host becomes the bridge between hosts on the external network and hosts on the internal network. The shielded router denies internal network hosts direct access to the external network; requests from internal hosts to the external network must be proxied through the bastion host. To ensure that this fixed packet path is not changed, the shielded router should be given the necessary configuration, such as static routes.
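
The forwarding policy of section 3.3.2, modelled as an added example that is not part of the original paper: a first-match rule list for the shielded router and an audit that reports any permitted flow crossing the network boundary without the bastion host as its inside endpoint. The addresses, the rule format and the names `decide` and `audit` are assumptions made for illustration.

```python
import ipaddress as ip

INTERNAL = ip.ip_network("10.0.0.0/24")   # assumed internal segment
BASTION = ip.ip_address("10.0.0.10")      # assumed bastion host address
ANY = ip.ip_network("0.0.0.0/0")

def host(addr):
    return ip.ip_network(f"{addr}/32")

# Ordered rules for the shielded router: (action, source net, destination net).
# First match wins; anything unmatched is dropped.
STRICT = [
    ("permit", ANY, host(BASTION)),       # inbound must reach the bastion first
    ("permit", host(BASTION), ANY),       # outbound accepted only from the bastion
    ("deny", ANY, ANY),
]
# Constructed misconfiguration: one internal workstation allowed straight out.
LEAKY = [("permit", host("10.0.0.55"), ANY)] + STRICT

def decide(rules, src, dst):
    """Return the action of the first rule matching src -> dst (default deny)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def audit(rules, probes):
    """List permitted boundary-crossing flows that bypass the bastion host."""
    violations = []
    for src, dst in probes:
        s, d = ip.ip_address(src), ip.ip_address(dst)
        crosses = (s in INTERNAL) != (d in INTERNAL)
        inside = s if s in INTERNAL else d
        if crosses and inside != BASTION and decide(rules, src, dst) == "permit":
            violations.append((src, dst))
    return violations

# Constructed probe flows: every pairing of sample inside and outside hosts,
# in both directions.
INSIDE = ["10.0.0.10", "10.0.0.55", "10.0.0.77"]
OUTSIDE = ["198.51.100.7", "203.0.113.9"]
PROBES = ([(a, b) for a in INSIDE for b in OUTSIDE]
          + [(b, a) for a in INSIDE for b in OUTSIDE])

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("leaky", LEAKY)):
        print(name, audit(rules, PROBES))
```

Because the rules are evaluated first-match, the single permit placed ahead of the strict set is enough to break the fixed packet path, which is why the audit checks the effective decision per flow rather than the presence of a final deny rule.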
