
Dual-Firewall Architecture





Document information:

The dual-firewall architecture is more complex than the single-firewall architecture, but it is also a more secure overall design and provides for a much more granular level of control over traffic traversing the firewalls.
Content extracted from the document:
Dual-Firewall Architecture

The dual-firewall architecture is more complex than the single-firewall architecture, but it is also a more secure overall design and provides for a much more granular level of control over traffic traversing the firewalls. This is because the architecture uses two firewalls, ideally of different vendors and models, to act as exterior and interior firewalls providing a DMZ segment between the two firewalls, as shown in Figure 9-3. Like previous designs, traffic is permitted into the DMZ segment as well as from the internal network to the external network, but no traffic from the external network is permitted directly to the internal network.

Figure 9-3. Dual-Firewall Architecture

The granular control in a dual-firewall architecture comes from the fact that each firewall controls a subset of all the traffic entering and exiting a network. Because untrusted (that is, external) traffic should never be allowed to directly access a trusted (that is, internal) network, the exterior firewall can be configured specifically to grant access to and from the DMZ segment and external systems. Similarly, the interior firewall can be configured to grant access to and from the DMZ segment and internal resources. This allows for the creation of two distinct and independent points of control of all traffic into and out of all corporate network segments, whether they are DMZ segments or internal network segments.

When a dual-firewall architecture is implemented with different firewall models (for example, a Cisco PIX Firewall and a Microsoft ISA Server firewall), you also gain additional security because an attacker would need to compromise two separate firewalls (which will likely not be susceptible to the same attack methods) to gain access to protected resources. In addition, an attacker also needs to be knowledgeable in the workings of two different types of firewalls to tamper with the configurations.

The downsides of a dual-firewall architecture relate to implementation complexity and cost. With regard to complexity, a dual-firewall architecture frequently requires that some form of routing be implemented in the DMZ segment to allow resources in the DMZ segment to send external-destined traffic to the exterior firewall and internal-destined traffic to the interior firewall. Although many companies just use static routing statements on the servers themselves, the larger the number of servers in the DMZ, the more difficult it becomes to manage and maintain so many routing statements. Whereas routers can be used, allowing the administrator just to update the router with new routes, the use of routing protocols should be avoided, because an attacker can potentially use the information provided by the routing protocol to gain insight regarding the internal network topology and structure.

Aside from the obvious costs related to implementing and maintaining multiple firewalls, it is also more expensive to implement and manage a dual-firewall architecture because you need people who understand multiple firewall technologies.

Because of the cost and complexity of the dual-firewall architecture, it is typically implemented in environments with critical security requirements such as banking, government, finance, and larger medical organizations.
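As an added illustration (not code from the book), the following model evaluates a flow against the two independent default-deny rule sets the text describes, so a flow between the external and internal zones must be permitted by both firewalls, and it picks the next hop a DMZ host's static routes would use. The address plan, ports and rule entries are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed address plan for this example (assumption, not from the text).
DMZ = ip_network("192.0.2.0/24")        # segment sitting between the two firewalls
INTERNAL = ip_network("10.0.0.0/8")     # trusted internal networks
EXTERIOR_FW_DMZ_IF = "192.0.2.1"        # exterior firewall's interface on the DMZ
INTERIOR_FW_DMZ_IF = "192.0.2.254"      # interior firewall's interface on the DMZ

def zone(ip):
    """Classify an address; anything outside DMZ and INTERNAL is external."""
    addr = ip_address(ip)
    return "dmz" if addr in DMZ else "internal" if addr in INTERNAL else "external"

# Each firewall holds only the permits for its own traffic; unlisted = dropped (default deny).
EXTERIOR_RULES = {
    ("external", "dmz", 443),       # Internet clients to the DMZ web tier
    ("dmz", "external", 443),       # DMZ servers fetching updates
    ("internal", "external", 443),  # internal browsing, already vetted by the interior fw
}
INTERIOR_RULES = {
    ("dmz", "internal", 1433),      # DMZ web tier to the internal database
    ("internal", "dmz", 22),        # administrators managing DMZ hosts
    ("internal", "external", 443),  # internal browsing outward
}

def firewalls_on_path(src_zone, dst_zone):
    """Only the exterior firewall borders 'external' and only the interior
    borders 'internal', so a flow between those two zones must cross both."""
    path = []
    if "external" in (src_zone, dst_zone):
        path.append(("exterior", EXTERIOR_RULES))
    if "internal" in (src_zone, dst_zone):
        path.append(("interior", INTERIOR_RULES))
    return path

def evaluate(src_ip, dst_ip, dst_port):
    """Return (allowed, per-firewall verdicts). The flow passes only if every
    firewall on its path permits it: two independent points of control."""
    src, dst = zone(src_ip), zone(dst_ip)
    if src == dst:
        return True, {}  # same-segment traffic never reaches a firewall
    verdicts = {name: (src, dst, dst_port) in rules
                for name, rules in firewalls_on_path(src, dst)}
    return all(verdicts.values()), verdicts

def dmz_next_hop(dst_ip):
    """Static route a DMZ host needs: internal prefixes via the interior
    firewall, everything else via the exterior firewall (default route)."""
    return INTERIOR_FW_DMZ_IF if ip_address(dst_ip) in INTERNAL else EXTERIOR_FW_DMZ_IF
```

Note that an external-to-internal flow is refused by both rule sets independently, so a single misconfigured firewall does not open a path into the internal network.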
