Trusted Zone
● Local Area Network (LAN), also known as the Inside Zone
● Represents the corporate intranet
Untrusted Zone
● Includes the internet and other external networks
● Traffic from the internet to the trusted zone is blocked by default; the only exception is return traffic for connections that were initiated from the inside, which a stateful firewall recognizes by tracking those connections
Screened Subnet
● A semi-trusted zone between the trusted and untrusted zones
● Contains devices like web servers and email servers
● Has restricted access from the untrusted zone and is not fully trusted by the internal network
● Screened Subnet to Trusted Zone
○ Connections initiated from the trusted zone into the screened subnet are allowed, normally only to the ports the hosted services and their administration need
○ Connections initiated from the screened subnet into the trusted zone are blocked; only return traffic for connections the inside opened is allowed, so a compromised server in the screened subnet cannot pivot inward
● Screened Subnet to Untrusted Zone
○ Screened subnet devices are commonly allowed to initiate connections to the internet; a tighter policy limits that outbound access to what the services actually need (DNS, updates, outbound mail), because an unrestricted outbound rule lets a compromised server exfiltrate data freely
○ Specific inbound ports must be opened from the untrusted zone for the hosted services, for example 25 for email and 80/443 for web hosting
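The zone rules listed above, written out as a small stateful packet filter so they can be checked against sample flows. This is an added example, not part of the original notes: the address plan (10.0.0.0/8 for the trusted LAN, 192.0.2.0/24 for the screened subnet, everything else untrusted), the permitted port sets and all sample flows are constructed for illustration. It shows the part the notes only describe in words: how "responses to requests from the inside" are allowed without any inbound rule, and why a reply that no inside host asked for, or a server in the screened subnet trying to reach an internal database, is dropped.

```python
"""Zone policy simulator (added example, not from the original notes).

Models the trusted / screened / untrusted zones with a minimal stateful
filter: a flow is accepted if a rule permits it as a NEW connection, or if
it is the return half of a connection that was already permitted.
All addresses, ports and flows below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan (constructed). Anything outside these is "untrusted".
ZONES = {
    "trusted": ip_network("10.0.0.0/8"),      # LAN / inside zone
    "screened": ip_network("192.0.2.0/24"),   # screened subnet: web + mail servers
}

# Which NEW connections each zone pair may open.
#   None       -> any destination port
#   a set      -> only those destination ports
#   missing    -> deny (untrusted->trusted and screened->trusted are absent)
POLICY = {
    ("trusted", "untrusted"): None,
    ("trusted", "screened"): {22, 25, 80, 443},  # admin + the hosted services
    ("screened", "untrusted"): None,             # "freely", as the notes say
    ("untrusted", "screened"): {25, 80, 443},    # inbound mail and web only
}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(addr: str) -> str:
    """Map an address to its zone; unknown space is the untrusted zone."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "untrusted"


class StatefulFilter:
    """Remembers permitted connections so their replies pass without an
    explicit inbound rule, exactly like a stateful firewall's connection table."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.established = set()

    @staticmethod
    def _key(f: Flow):
        return (f.proto, f.src, f.sport, f.dst, f.dport)

    @staticmethod
    def _reverse_key(f: Flow):
        return (f.proto, f.dst, f.dport, f.src, f.sport)

    def evaluate(self, f: Flow) -> str:
        # 1. Return traffic of a connection we already accepted is allowed.
        if self._reverse_key(f) in self.established:
            return "ACCEPT (established)"
        # 2. Otherwise it is a new connection: consult the zone policy.
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if src_zone == dst_zone:
            return "ACCEPT (intra-zone)"   # never crosses the firewall
        allowed = self.policy.get((src_zone, dst_zone), set())
        if allowed is None or f.dport in allowed:
            self.established.add(self._key(f))
            return "ACCEPT (new)"
        return "DROP"


def run_demo():
    """Evaluate a constructed sequence of flows and return the verdicts."""
    fw = StatefulFilter()
    flows = [
        Flow("10.1.1.5", 50000, "203.0.113.10", 443),   # inside -> internet
        Flow("203.0.113.10", 443, "10.1.1.5", 50000),   # its reply
        Flow("203.0.113.10", 443, "10.1.1.9", 50000),   # unsolicited "reply"
        Flow("198.51.100.7", 40000, "10.1.1.5", 445),   # internet -> inside
        Flow("198.51.100.7", 40001, "192.0.2.10", 80),  # internet -> web server
        Flow("198.51.100.7", 40002, "192.0.2.10", 22),  # internet -> server SSH
        Flow("192.0.2.10", 40003, "10.2.0.9", 3306),    # web server -> inside DB
        Flow("10.1.1.5", 50001, "192.0.2.10", 22),      # admin -> server SSH
        Flow("192.0.2.10", 22, "10.1.1.5", 50001),      # SSH reply to admin
    ]
    return [fw.evaluate(f) for f in flows]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Each verdict corresponds to one of the rules in the list above; the two interesting cases are the third flow, which looks like a reply but is dropped because no inside host opened that connection, and the seventh, where the web server is refused a connection into the LAN even though the LAN may reach the web server.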
More on Screened Subnet
● Provides a single choke point where network security controls can inspect all traffic to and from the hosted servers, enhancing their protection
○ Firewalls
○ Intrusion detection systems (IDS)
○ Intrusion prevention systems (IPS)
○ Unified threat management (UTM) systems
● Functionality
○ Allows hosted servers like email and web servers to be accessible from both internal and external networks
○ Without the screened subnet, servers hosted inside the network would be inaccessible or less useful to external users