
[Day 209] Firewall Types

by minimalist_2022 2021. 3. 6.
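Firewall type: Screening Router
Configuration: [Internal] - [Router] - [External]
Characteristics:
1. Filters based on IP address and port
2. Packet filtering FW
3. Somewhat unsuitable for log management (= no accountability)

Firewall type: Screened Host
Configuration: [Internal] - [Bastion Host] - [Router] - [External]
Characteristics:
1. Suitable for log management
2. Security: Application > Stateful > Packet filtering
3. Speed: Packet filtering > Stateful > Application
4. The bastion host is in a locked-down state

1st-generation FW: Packet filtering FW
2nd-generation FW: Application FW (= Stateless)
- Keeps no state; always inspects every packet
3rd-generation FW: Stateful FW
- Does not inspect similar packets

Firewall type: Screened Subnet
Configuration: [Internal] - [Router] - [Bastion Host] - [Router] - [External]
Characteristics: Related to the DMZ; the most secure firewall architecture

Firewall type: Dual-Homed Host
Configuration: [Internal] - [Proxy Server] - [External]
Characteristics:
1. A single proxy server is fitted with two NICs, one internal and one external
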
[Figure] Using a screening router to do packet filtering

[Figure] Screened host architecture

[Figure] Screened subnet architecture (using two routers)

[Figure] Using proxy services with a dual-homed host

 


* Sources

Firewall design - SunWorld - January 1996 (uakom.sk)

 


Firewall Architectures (Building Internet Firewalls, 2nd Edition) (mik.ua)

 
