This scenario is recommended for businesses with the following Internet requirements:
-
All (or specified) workstations and servers need access to the Internet
-
No connection from the Internet is permitted to access the LAN
-
Corporate e-mail and web site is located at the customer premises.
-
Hardened security is required for DMZ and LAN, including dedicated IDS device
In the scenario above, the DMZ is connected through Firewall-1 and the access router to the Internet, and is connected to the LAN through Firewall-2. The dual firewall design provides multi-tier network protection so that if intruders penetrate the external Firewall-1, the LAN is still protected by Firewall-2. This design provides the system administrator the time to analyze his logs from the IDS hardware and update his security profile.
© 2004 Care+Net Computer Services - all rights reserved