Author Anand Sastry, Senior Security Architect at Savvis Inc., explores several contemporary firewall deployment scenarios designed to thwart application attacks and emerging malware in this article presented on Tech Target. Sastry covers virtual firewall deployments, firewalls for outbound traffic monitoring and web application firewalls, among other topics.
“Typically, enterprises have followed a split-architecture design with Internet-accessible servers separated from the corporate assets in a particular isolated network segment. This segment is traditionally known as a ‘demilitarized zone’ (DMZ). The isolation is achieved by dedicating a network interface of the firewall to these servers. Direct access to assets outside of those hosted in the DMZ is not permitted. These assets typically include corporate workstations, critical server components like domain controllers, email servers and enterprise applications. Assets hosted on the DMZ segment typically include Internet-accessible applications, such as Web interfaces, mail exchanges, mail relays and public drop boxes, among others. Access between assets on the DMZ and corporate segments is strictly controlled.”
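
The split-architecture rules quoted above can be checked mechanically against a firewall ruleset. The following is an added example, not code from Sastry's article: a small auditor that flags allow rules letting Internet sources reach the corporate segment, or letting the DMZ reach it without a specific host and port. The zone subnets, rule format, hosts and ports are all constructed assumptions.

```python
import ipaddress as ip

# Constructed zone layout (assumption): documentation and private ranges.
ZONES = {"dmz": ip.ip_network("192.0.2.0/24"),
         "corp": ip.ip_network("10.0.0.0/8")}

def zones_of(cidr):
    """Zones a rule's CIDR can reach; anything outside ZONES is 'internet'."""
    net = ip.ip_network(cidr)
    hit = {name for name, z in ZONES.items() if net.overlaps(z)}
    if not any(net.subnet_of(z) for z in ZONES.values()):
        hit.add("internet")
    return hit

def audit(rules):
    """Flag allow rules that break the split-architecture invariants.
    Conservative: every allow rule is checked, rule order is ignored."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        src, dst = zones_of(r["src"]), zones_of(r["dst"])
        if "corp" not in dst:
            continue
        if "internet" in src:
            findings.append((i, "internet can reach corporate segment directly"))
        elif "dmz" in src:
            broad_dst = ip.ip_network(r["dst"]).prefixlen < 32
            if r["port"] == "any" or broad_dst:
                findings.append((i, "DMZ-to-corporate access is not narrowly scoped"))
    return findings

# Constructed sample ruleset (hypothetical hosts and ports).
RULES = [
    {"action": "allow", "src": "0.0.0.0/0", "dst": "192.0.2.10/32", "port": 443},
    {"action": "allow", "src": "192.0.2.25/32", "dst": "10.0.5.20/32", "port": 25},
    {"action": "allow", "src": "192.0.2.0/24", "dst": "10.0.0.0/8", "port": "any"},
    {"action": "allow", "src": "0.0.0.0/0", "dst": "10.0.5.30/32", "port": 3389},
    {"action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
]

if __name__ == "__main__":
    for idx, msg in audit(RULES):
        print(f"rule {idx}: {msg}")
```

Because rule order is ignored, a flagged rule may be shadowed by an earlier deny on a real device; treat each finding as a rule to review.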