The perimeter router is typically a standard router providing a serial connection to the outside world (untrusted network) and a LAN connection to the internal network. The perimeter router should provide any filtering of outside traffic to implement basic security for the DMZ and preliminary filtering for the inside network.
The internal router is usually meant to protect against DOS attacks against your network, just in case that your perimeter router goes down due to DOS attacks, there will still be connection within the organization due to the internal router, otherwise the entire organization will have no connection even within it's own network. It also performs filtering of traffic for the internal network.
A firewall is a device or set of devices designed to permit or deny network transmissions based on a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range". Firewalls often have such functionality to hide the true address of protected hosts. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.
Source: http://joel-hong.blogspot.com/
Hi Luke. :).
ReplyDeleteI like your post as it covers more on internal routers than my post had covered on internal routers. I have learnt that the internal router is meant to protect the network against DOS attacks. Even if the internet connection is down, the network will still work internally.
I have also learnt that firewalls have a NAT functionality, as I previously thought that this was a feature unique to routers only.
However, I have a question even though I know it won't be answered (trolololol): What exactly does "filtering of traffic for the internal network" mean?
Thanks for your informative post.