screened subnet

• Interface 1 is the public interface and connects to the Internet.
• Interface 2 connects to a DMZ (demilitarized zone) to which hosted public services are attached.
• Interface 3 connects to an intranet for access to and from internal networks.

The purpose of the screened subnet architecture is to isolate the DMZ and its publicly-accessible resources from the intranet, thereby focusing external attention and any possible attack on that subnet. The architecture also separates the intranet and DMZ networks, making it more difficult to attack the intranet itself. When a properly configured firewall is combined with the use of private IP addresses on one or both of these subnets, attack becomes that much more difficult.

Read more about screened subnet: - For more information on screened subnets see Mike Chapple’s ‘Choosing the right firewall topology: Bastion host, screened subnet or dual firewalls’ at SearchSecurity.com. - SearchSecurity.com's network firewalls topic offers relevant news, help and research.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Is it possible to allow select access to IP addresses using Windows Server 2003? Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections. Sophos finds patching issues through endpoint NAC tool Companies using Sophos' Endpoint Assessment Test are discovering missing security patches, misconfigured firewalls and missing OS updates. Fortinet acquires database vulnerability scanner from IPLocks Fortinet said that IPLocks' vulnerability scanning technology will help it broaden its portfolio beyond application security.

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bastion host  (SearchSecurity.com) firewall  (SearchSecurity.com)