Networking / Beginners

Screened subnet

The screened subnet architecture is essentially the same as the screened host architecture, but the screened subnet architecture adds an extra stratum of security by creating a network in which the bastion host resides (often called a perimeter network), which is separated from the internal network.

Tip: A screened subnet should be deployed by adding a perimeter network to separate the internal network from the external. This ensures that if there is a successful attack on the bastion host, the attacker is restricted to the perimeter network by the screening router that is connected between the internal and the perimeter network.

[Previous] [Contents] [Next]

In this tutorial:

  1. Firewall Security Policy
  2. Firewall protection
  3. Firewall architectures
  4. Multi-homed host
  5. Screened host
  6. Screened subnet
  7. Types of firewalls
  8. Packet-filtering gateways
  9. Application gateways
  10. Hybrid or complex gateways
  11. Routing versus forwarding
  12. IP spoofing
  13. DNS and mail resolution
  14. Intranet
  15. Network trust relationships
  16. Virtual private networks
  17. Qualification of the firewall administrator
  18. Remote firewall administration
  19. Firewall backup
  20. System integrity
  21. Physical firewall security
  22. Firewall incident handling
  23. Upgrading the firewall
  24. Revision/update of firewall policy
  25. Examples of service-specific policies