
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
28 | Chapter 2: Designing Perimeter Networks
A Strong Screened-Subnet Architecture
The architecture in Figure 2-4 is therefore better: both the DMZ and the internal networks are protected by full-featured firewalls that are almost certainly more sophisticated than routers.
The weaker screened-subnet design in Figure 2-3 is still used by some sites, but in my opinion, it places too much trust in routers. This is problematic for several reasons. First, routers are often administered by someone other than the firewall's administrator, and this person may insist that the router have a weak administrative password, weak access-control lists, or even an attached modem so that the router's vendor can maintain it! Second, some routers are more hackable than well-configured computers (for example, by default, they nearly always support remote administration via Telnet, an insecure service).
Finally, packet filtering alone is a crude and incomplete means of regulating network traffic. Simple packet filtering seldom suffices when the stakes are high, unless performed by a well-configured firewall with additional features and comprehensive logging.
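To make the difference concrete, here is a ruleset for the outer firewall of the two-firewall design (the host that sits between the Internet and the DMZ, with the inner firewall guarding the internal network behind it). This is an added example written for this chapter, not the book's own configuration; it assumes a Linux firewall using nftables, with "eth0" on the Internet side, "eth1" on the DMZ side, and documentation-range addresses 192.0.2.10 (DMZ web server) and 192.0.2.20 (DMZ log host), all of which are constructed for the example. It shows the two things the text says a router ACL lacks: connection tracking ("ct state") rather than stateless per-packet matching, and logging of every decision worth auditing, while administration is limited to SSH from the protected side instead of Telnet.

```nftables
#!/usr/sbin/nft -f
# Outer firewall of the two-firewall screened subnet: Internet (eth0) <-> this host <-> DMZ (eth1).
# Interface names and 192.0.2.x addresses are assumptions constructed for this example.
flush ruleset

table inet outer_fw {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Administer the firewall only over SSH and only from the DMZ side;
        # nothing from the Internet interface, and no Telnet at all.
        iifname "eth1" tcp dport 22 ct state new log prefix "fw-admin-ssh: " accept
        log prefix "fw-input-drop: " drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        # Stateful: reply traffic is allowed only for connections this host saw opened
        ct state established,related accept
        ct state invalid log prefix "fw-invalid: " drop
        # Internet -> DMZ: only the published web service on the one server that offers it
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 80, 443 } ct state new log prefix "fw-dmz-web: " accept
        # DMZ -> Internet: only what the DMZ servers need (name resolution, updates over HTTP/HTTPS)
        iifname "eth1" oifname "eth0" udp dport 53 ct state new accept
        iifname "eth1" oifname "eth0" tcp dport { 80, 443 } ct state new accept
        # Everything else, in either direction, is logged and dropped
        log prefix "fw-forward-drop: " drop
    }

    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oifname "lo" accept
        # The firewall itself may only send syslog to the DMZ log host and resolve names
        oifname "eth1" ip daddr 192.0.2.20 udp dport 514 accept
        oifname "eth1" udp dport 53 accept
        log prefix "fw-output-drop: " drop
    }
}
```

Load it with `nft -f` on the firewall host; the "fw-*" prefixes make the dropped and accepted flows easy to separate in the kernel log when reviewing what crossed the perimeter.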
The architecture in Figure 2-4 is useful when very high volumes of traffic must be supported, as it addresses a significant drawback of the three-homed ...