| 방화벽 종류 | 구성 | 특징 |
| Screening Router | [내부] - [Router] - [외부] | 1. IP, Port 주소 기반으로 필터링 2. Packet filtering FW 3. Log 관리 다소 부적합(=책임추적성x) |
| Screened host | [내부] - [Bastion Host] - [Router] - [외부] | 1. Log 관리 적합 2. 보안성 : Application> Stateful> packet filtering 3. 속도 : Packet filtering > Stateful> Application 4. Bastion host는 Lock down상태 1세대 FW : Packet Filtering FW 2세대 FW : Application FW(=Stateless) - 상태기억x, 모든 패킷 항상 검사 3세대 FW : Stateful FW - 유사한 패킷은 검사안함 |
| Screened Subnet | [내부] - [Router] - [Bastion Host] - [Router] - [외부] | DMZ와 관련있고 가장 Secure한 방화벽 아키텍처 |
| Dual-Home Host | [내부] - [Proxy Server] [외부] |
1. Proxy Server 한 대에 내부용, 외부용 NIC 2개 장착 |
* 출처
Firewall design - SunWorld - January 1996 (uakom.sk)
Firewall design - SunWorld - January 1996
A computer system that must be highly secured because it is vulnerable to attack, usually because it is exposed to the Internet and is a main point of contact for users of internal networks. It gets its name from the highly fortified projections on the out
sunsite.uakom.sk
Firewall Architectures (Building Internet Firewalls, 2nd Edition) (mik.ua)
Firewall Architectures (Building Internet Firewalls, 2nd Edition)
Chapter 6. Firewall Architectures This chapter describes a variety of ways to put firewall components together, and discusses their advantages and disadvantages. We'll tell you what some appropriate uses are for each architecture. 6.1. Single-Box Architect
docstore.mik.ua
'정보보안기사&CISSP관련 > Network Security' 카테고리의 다른 글
| [Day 265] IMAP, POP3 (0) | 2021.05.01 |
|---|---|
| [Day 261] Fail Safe, Fail Secure (0) | 2021.04.27 |
| [Day 174] GARP(Gratuitous ARP) (0) | 2021.01.31 |
| [Day 148] RADIUS(Remote Authentication Dial-In User Service) (0) | 2021.01.05 |
| [Day 128] Datagram Transport Layer Security (DTLS) (0) | 2020.12.16 |
