Abstract
This chapter discusses the techniques that are used to implement a private address, LAT-based DMZ segment. The ability to use an internal network segment for a DMZ is important because one should be able to take advantage of the Web and server publishing rules to make servers available on the DMZ. The TCP/IP security can be used to perform basic access control for incoming packets to the DMZ host. The TCP/IP filters do not do much to protect the internal network from a DMZ host, but they can prevent the DMZ host from packets arriving on hosts on the internal network. The TCP security filters only apply to incoming packets and have no influence on the packets leaving the host configured to use TCP/IP security filtering. One advantage of using TCP/IP security filters is that they work in kernel mode and thus, are less subject to compromise. This chapter also discusses routing and remote access (RRAS) packet filters that provide a powerful and effective method to control traffic moving between the LAT-based DMZ segment and the internal network. One can allow all traffic except for that for which one creates filters, or one can deny all traffic except for that for which one create filters.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
