
Screened subnet

The screened subnet architecture is essentially the same as the screened host architecture, but it adds an extra layer of security by placing the bastion host on a network of its own (often called a perimeter network), which is separated from the internal network.

Tip: Deploy a screened subnet by adding a perimeter network that separates the internal network from the external one. This ensures that if an attack on the bastion host succeeds, the screening router connected between the internal and perimeter networks restricts the attacker to the perimeter network.
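
An added example, not part of the original page: a small Python model of the filtering points in a screened subnet, showing which hosts a compromised bastion can still open connections to. The addresses, ports, rule sets and the exterior router are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumed; documentation and private ranges).
INTERNAL = ip_network("10.0.0.0/24")       # internal network
PERIMETER = ip_network("192.0.2.0/24")     # perimeter network
BASTION = ip_network("192.0.2.10/32")      # bastion host on the perimeter
ANY = ip_network("0.0.0.0/0")

# Each router is an allow-list of (source, destination, port) for new
# connections; anything not listed is dropped. Rules are assumed examples.
EXTERIOR_ROUTER = [(ANY, BASTION, 25), (ANY, BASTION, 443)]
INTERIOR_ROUTER = [(INTERNAL, BASTION, 25), (INTERNAL, BASTION, 443)]

ZONES = ["external", "perimeter", "internal"]
ROUTERS = [EXTERIOR_ROUTER, INTERIOR_ROUTER]   # ROUTERS[i] joins ZONES[i] and ZONES[i+1]

def zone(addr):
    """Index into ZONES for the network an address sits on."""
    if addr in INTERNAL:
        return 2
    return 1 if addr in PERIMETER else 0

def permits(rules, src, dst, port):
    """True if any rule in the allow-list matches the connection."""
    return any(src in s and dst in d and port == p for s, d, p in rules)

def allowed(src, dst, port):
    """True if a new connection passes every router between the two hosts."""
    src, dst = ip_address(src), ip_address(dst)
    lo, hi = sorted((zone(src), zone(dst)))
    # Hosts on the same network cross no router, so the slice is empty.
    return all(permits(r, src, dst, port) for r in ROUTERS[lo:hi])

def blast_radius(compromised, targets):
    """Subset of (host, port) targets the compromised host can connect to."""
    return [(h, p) for h, p in targets if allowed(compromised, h, p)]

if __name__ == "__main__":
    targets = [("192.0.2.20", 22),   # another perimeter host
               ("10.0.0.5", 22),     # internal workstation
               ("10.0.0.8", 445)]    # internal file server
    print(blast_radius("192.0.2.10", targets))
```

In this model the bastion can still reach its neighbours on the perimeter network, so hosts placed there should be hardened as if exposed, while every connection it attempts toward the internal network is dropped at the interior router.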
