Firewall Deployment in a Network

A demilitarized zone (DMZ) resides outside of an internal network and provides open access to servers (Stewart, 2013). Two firewall solutions can be used for DMZ deployment: a single firewall or a multi-interfaced (multi-homed) firewall. A single firewall can be used in home networks both to protect the internal networks and for internet-facing web services. A multi-interfaced firewall is a single physical device designed to protect multiple network segments. In home networks, a multi-homed deployment can be used to create an additional barrier against intrusion by external adversaries.

Pros and Cons of DMZ Firewall Solutions

Relying on a single firewall to protect a home network has some merits. First, the firewall requires only a single set of configuration rules. Second, the license for a single firewall is less expensive than licenses for two or more. However, data flow slows and performance degrades, and because all traffic has to pass through one firewall, bottlenecks are highly likely to occur. In a multi-homed firewall deployment, one firewall regulates traffic flow between the internet and the DMZ, and another firewall controls traffic flow between the DMZ and the secured local area network. An advantage of the multi-homed system is that traffic in the networks can be regulated, which solves the bottleneck issue. Nonetheless, using more than one firewall presents problems such as support for other network security features. Only specific traffic is allowed to get past the DMZ from the internet (Stewart, 2013).
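The rule that only specific traffic passes from the internet into the DMZ, written out for the single-device, multi-interfaced layout. This is an added example, not taken from Stewart or from the original essay; it assumes a Linux firewall running nftables, and the interface names (wan0, dmz0, lan0) and the web server address 192.0.2.10 are constructed for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: one firewall with three interfaces (internet, DMZ, LAN).
# Assumed names: wan0 = internet, dmz0 = DMZ, lan0 = internal LAN.
# 192.0.2.10 is a constructed address for the DMZ web server.

flush ruleset

table inet dmz_fw {
    chain forward {
        # Default deny: a flow passes only if a rule below accepts it.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that an earlier rule already permitted.
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published web service.
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept

        # LAN -> DMZ and LAN -> internet: client-initiated traffic.
        iifname "lan0" oifname { "dmz0", "wan0" } accept

        # DMZ -> internet: name resolution and package updates only.
        iifname "dmz0" oifname "wan0" udp dport 53 accept
        iifname "dmz0" oifname "wan0" tcp dport { 80, 443 } accept

        # No rule accepts wan0 -> lan0 or dmz0 -> lan0, so the drop policy
        # blocks both: a compromised DMZ host cannot open connections
        # into the LAN. Log what falls through before it is dropped.
        log prefix "dmz_fw drop: "
    }

    chain input {
        # Traffic addressed to the firewall itself: management from the LAN only.
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname "lan0" tcp dport 22 accept
    }
}
```

In the two-firewall layout the same policy is split across devices: the outer firewall carries the wan0/dmz0 rules and the inner firewall carries the dmz0/lan0 rules.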

If money were not a constraint, I would heavily invest in firewall technologies by adding a level of security to my network and deploying various types of firewalls. By having various layers of firewalls, the system will become hack-resistant, making any potential attacker do twice the work.


Stewart, J. M. (2013). Network Security, Firewalls and VPNs. Jones & Bartlett Publishers.

September 11, 2023
