1. Screened host firewall system (single-homed bastion)
In this configuration, the firewall function is performed by a packet-filtering router
and a bastion host. The router is configured so that, for all traffic from the
Internet, only IP packets destined for the bastion host are allowed in.
For traffic from the internal network, only IP packets from the
bastion host are allowed out. This configuration supports
flexibility in direct Internet access: for example, if there is a
web server on the network, the router can be configured so that the web server can be
accessed directly from the Internet. The bastion host performs authentication and
functions as a proxy. This configuration provides a better level of security
than a packet-filtering router or an application-level gateway
used separately.
2. Screened host firewall system (dual-homed bastion)
In this configuration, there is a physical break (gap) in the network.
The advantage is that the existence of two physically separate paths
further enhances security compared with the first configuration. Servers
that require direct access can be placed
in the segment directly connected to the Internet. This
can be done by using two NICs (network interface cards)
on the bastion host.
3. Screened subnet firewall
This is the configuration with the highest level of security. Why?
Because this configuration uses two packet-filtering routers: the first between
the Internet and the bastion host, and the other between the bastion host and the local network.
This configuration forms an isolated subnet.
The advantages are:
- There are three layers (levels) of defense against intruders.
- The outside router serves only the connection between the Internet and the bastion
host, so the local network becomes invisible.
- The local network cannot construct direct routes to the
Internet; in other words, the Internet becomes invisible (this does not
mean that it cannot make an Internet connection).
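
The two-router filtering described for the screened subnet, as an added example that is not part of the original post: a small Python model of the outside and inside routers' rules, run over constructed packets. The addresses, zone names and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed addressing (documentation/private ranges), assumed for this example.
DMZ = ipaddress.ip_network("192.0.2.0/24")    # the isolated screened subnet
LOCAL = ipaddress.ip_network("10.0.0.0/8")    # the local (internal) network
BASTION = ipaddress.ip_address("192.0.2.10")  # bastion host inside the subnet


def zone(addr):
    """Classify an address as 'local', 'dmz' or 'internet'."""
    a = ipaddress.ip_address(addr)
    return "local" if a in LOCAL else "dmz" if a in DMZ else "internet"


def is_bastion(addr):
    return ipaddress.ip_address(addr) == BASTION


def outside_router(src, dst):
    """Router between the Internet and the bastion host (default deny)."""
    return (zone(src) == "internet" and is_bastion(dst)) or \
           (is_bastion(src) and zone(dst) == "internet")


def inside_router(src, dst):
    """Router between the bastion host and the local network (default deny)."""
    return (zone(src) == "local" and is_bastion(dst)) or \
           (is_bastion(src) and zone(dst) == "local")


def deliver(src, dst):
    """Return (delivered, dropped_by) for one packet routed from src to dst."""
    if zone(src) == zone(dst):
        return (True, None)  # same segment: no router is crossed
    zones = {zone(src), zone(dst)}
    hops = []
    if "internet" in zones:
        hops.append(("outside router", outside_router))
    if "local" in zones:
        hops.append(("inside router", inside_router))
    if zone(src) == "local":
        hops.reverse()  # traffic leaving the local network meets the inside router first
    for name, allows in hops:
        if not allows(src, dst):
            return (False, name)
    return (True, None)


if __name__ == "__main__":
    for src, dst in [("203.0.113.5", "192.0.2.10"), ("203.0.113.5", "10.1.2.3"),
                     ("10.1.2.3", "203.0.113.5"), ("10.1.2.3", "192.0.2.10")]:
        print(src, "->", dst, deliver(src, dst))
```

A local host still reaches the Internet in this model, but only as two separate connections through the bastion host acting as proxy: local to bastion, then bastion to Internet.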