What Is a Screened Subnet?
A screened subnet is an isolated subnet established between the internal network and the external network. It is separated from both by two packet filtering routers. In many implementations, the two packet filtering routers are placed at either end of the subnet, forming a "demilitarized zone" (DMZ) within it. Some screened subnets also have a bastion host as the only accessible point, which supports terminal interaction or acts as an application gateway proxy. The danger zone of this configuration includes only the bastion host, the subnet hosts, and all routers connected to the internal network, the external network, and the screened subnet.
Shielded Subnet
- To break the firewall completely, an attacker must reconfigure the routers that connect the three networks without cutting off the connection, without locking himself out, and without being discovered. This is possible. However, if network access to the routers is blocked, or only certain hosts in the internal network are allowed to access them, the attack becomes difficult. In this case, the attacker must first penetrate the bastion host, then enter an intranet host, and then return to destroy the screening router, all without raising an alarm.
- A screened subnet firewall can help establish an unprotected zone. With a bastion host sandwiched between two routers, this type of firewall is the most secure firewall system.
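The two screening routers and the restriction on router access described above can be checked with a small first-match rule model. This is an added example, not part of the original page. The addressing plan, the ports (22, 443, 8080) and the rule sets are constructed assumptions, and the model covers connection initiation only.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the page)
INTERNAL = ip_network("10.0.0.0/24")
DMZ = ip_network("192.0.2.0/24")         # the screened subnet
BASTION = ip_network("192.0.2.10/32")
ADMIN = ip_network("10.0.0.5/32")        # only host allowed to manage the routers
MGMT = ip_network("192.0.2.0/30")        # router management addresses
EXT_IP, INT_IP = ip_address("192.0.2.1"), ip_address("192.0.2.2")
ANY = ip_network("0.0.0.0/0")

# Rules are (source, destination, port or None for any, action); first match wins.
MGMT_RULES = [(ADMIN, MGMT, 22, "allow"), (ANY, MGMT, None, "deny")]
EXTERIOR = MGMT_RULES + [(ANY, BASTION, 443, "allow"), (BASTION, ANY, 443, "allow")]
INTERIOR = MGMT_RULES + [(INTERNAL, BASTION, 8080, "allow")]

def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "dmz" if a in DMZ else "external"

def decide(rules, src, dst, port):
    """Return the action of the first matching rule; default deny."""
    s, d = ip_address(src), ip_address(dst)
    for r_src, r_dst, r_port, action in rules:
        if s in r_src and d in r_dst and r_port in (None, port):
            return action
    return "deny"

def routers_on_path(src, dst):
    """Rule sets of the routers that filter a new connection from src to dst."""
    zones, d, path = {zone(src), zone(dst)}, ip_address(dst), []
    if len(zones) == 2 and "external" in zones:
        path.append(EXTERIOR)
    if len(zones) == 2 and "internal" in zones:
        path.append(INTERIOR)
    # Traffic addressed to a router is also checked by that router itself.
    for ip, rules in ((EXT_IP, EXTERIOR), (INT_IP, INTERIOR)):
        if d == ip and rules not in path:
            path.append(rules)
    return path

def permitted(src, dst, port):
    return all(decide(r, src, dst, port) == "allow" for r in routers_on_path(src, dst))

def router_mgmt_sources(hosts):
    """Which of the given hosts can open a management session to either router?"""
    return sorted(h for h in hosts if any(permitted(h, r, 22) for r in (EXT_IP, INT_IP)))

if __name__ == "__main__":
    print(router_mgmt_sources(["203.0.113.7", "192.0.2.10", "10.0.0.20", "10.0.0.5"]))
```

Running the same audit against a real rule export shows whether any host other than the designated administration host can reach a router's management interface.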