Network security

9.7 Examples of firewall implementation

In practice, firewalls are likely to be combinations of the types that I have described. For example, a screened sub-network is commonly incorporated in a firewall scheme, as shown in Figure 17. In this configuration an application-level gateway implemented in a bastion host is used in combination with two packet-filtering routers. The screened sub-network that is formed is termed a demilitarised zone (DMZ). Placing servers and dial-in modems that are accessed by external users in a DMZ is a way of separating these higher-risk components from the protected internal network. Both external hosts and hosts within the internal network have access to services provided on the DMZ, but traffic passing straight across the DMZ is blocked, which prevents external users from gaining direct access to the protected internal network.

Figure 17 A combined firewall

To end this unit I shall very briefly indicate the way in which the Open University's network is protected by its firewall.

Figure 18 represents the Open University's firewall arrangement, which needs to accommodate the diverse networking needs of many people: for example, students, administrators, academics, whether on site or working from remote sites such as conference venues, home or summer school locations. The Open University has its headquarters at Walton Hall, Milton Keynes. Thirteen regional centres and warehousing facilities each have LANs linked to the Walton Hall LAN to create the Open University's wide area network.

Figure 18 The Open University firewall

Figure 18 shows the firewall protecting the Walton Hall / internet interface. The services that students need to access are located within the DMZs. Students typically connect from their homes using dial-up modems or ADSL links to access the internet through their internet service providers, or they gain access from their workplaces. Web browsers are used to access services such as the library, the main web server or student services, and electronic conferencing software is used to access the servers that support the various course conferences.

In general, the firewall allows traffic to and from the DMZs, but only traffic that can be identified as having been initiated by internal users on the Open University's LANs is permitted to cross the firewall.
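
The policy described above for a screened sub-network, modelled as a small stateful filter. This is an added example, not part of the course material; the address ranges, the names used, and the choice to refuse connections opened from the DMZ are assumptions made for illustration.

```python
import ipaddress

# Constructed address plan (assumption: the page gives no addresses).
ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),
         "internal": ipaddress.ip_network("10.0.0.0/8")}

# Zone pairs in which a NEW connection may be opened. Anything else is dropped.
ALLOW_NEW = {("external", "dmz"),        # public services live in the DMZ
             ("internal", "dmz"),
             ("internal", "external")}   # crossing only when initiated inside

def zone_of(addr):
    """Map an address to a zone; anything not DMZ or internal is external."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "external")

class ScreenedSubnetFirewall:
    def __init__(self):
        self.established = set()  # flows opened by a permitted initiator

    def filter(self, src, sport, dst, dport, syn=False):
        """Return True to forward the packet, False to drop it."""
        flow, reply = (src, sport, dst, dport), (dst, dport, src, sport)
        if flow in self.established or reply in self.established:
            return True                       # part of a tracked connection
        if syn and (zone_of(src), zone_of(dst)) in ALLOW_NEW:
            self.established.add(flow)        # remember who initiated
            return True
        return False                          # default deny

def demo():
    """Run constructed sample packets in order; return label -> verdict."""
    fw = ScreenedSubnetFirewall()
    packets = [  # (label, src, sport, dst, dport, syn), all constructed
        ("external opens DMZ web", "203.0.113.7", 40000, "192.0.2.10", 443, True),
        ("external opens internal", "203.0.113.7", 40001, "10.1.2.3", 22, True),
        ("internal opens external", "10.1.2.3", 50000, "198.51.100.5", 80, True),
        ("external replies to internal", "198.51.100.5", 80, "10.1.2.3", 50000, False),
        ("external unsolicited", "198.51.100.5", 80, "10.1.2.3", 50001, False),
        ("DMZ opens internal", "192.0.2.10", 33000, "10.1.2.3", 445, True),
    ]
    return {label: fw.filter(*fields) for label, *fields in packets}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{'FORWARD' if verdict else 'DROP':8}{label}")
```

The last sample packet shows why the DMZ separates higher-risk hosts: under this model even a compromised DMZ server cannot open a connection into the internal network.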

An additional feature of the Open University's arrangements allows authorised staff access to appropriate areas of the Walton Hall LAN from external locations. To do this, a virtual private network (VPN) provides a logical bypass to the firewall, but access is secured by the use of ‘one-time’ password generators in ‘key fobs’ allocated to authorised users. These generate a frequent supply of different passwords. Before any request for services using the VPN is granted, the user requesting the service must respond with a valid password to a challenge from the VPN security system.

T823_1
