Firewall Architectures

James E. Goldman, Purdue University

Introduction

Brief Review of Firewall Functionality

Requirements Analysis for Firewall Architectures

Importance of Understanding Security Requirements

Clean Networks and Dirty Networks

Risk Domains

Requirements versus Firewall Functionality

Enterprise Firewall Architectures

Conceptual Design Options of Firewall Architectures

Defense in Depth

Perimeter Security

Firewall Architecture Design Elements

Packet-Filtering Routers

Functionality

Perimeter Firewall Architecture

Functionality

Server/Host Firewall Architecture

Functionality

Screened Subnet Firewall Architecture

Functionality

Multitiered/Distributed DMZ Architecture

Functionality

Air Gap Architecture

Functionality

Conclusion

Glossary

Cross References

Further Reading

INTRODUCTION

When an organization or individual links to the Internet, it creates a two-way access point in and out of their information systems. To prevent unauthorized activities between the Internet and the private network, a specialized hardware, software, or software–hardware combination known as a firewall is often deployed.

Brief Review of Firewall Functionality

Firewall software often runs on a dedicated server between the Internet and the protected network. Firmware-based firewalls and single-purpose dedicated firewall appliances are situated in a similar location on a network and provide similar functionality to the software-based firewall. All network traffic entering the firewall is examined, ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.