Single Layer

  • one network host is allocated all firewall functions
  • connected to each network for which it is to control access.
  • chosen when containing cost is a primary factor or when there are only two networks to interconnect.
  • +: everything there is to know about the firewall resides on that one host.
  • ok: In cases where the policy to be implemented is simple and there are few networks being interconnected,
  • +: cost-effective to operate and maintain over time.
  • -: susceptibility to implementation flaws or configuration errors — depending on the type, a single flaw or error might allow firewall penetration.

Multi-Tier

  • firewall functions are distributed among a small number of hosts, typically connected in series.
  • -: more difficult to design and operate
  • +: can provide substantially greater security by diversifying the defenses you are implementing.
  • -: more costly
  • note: possibly using different technology in each of these firewall hosts. This reduces the risk that the same implementation flaws or configuration errors will exist in every layer.
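
Added example (not part of the original notes): a small Python model of firewall hosts connected in series, showing how one configuration error exposes a single-layer design, is contained by an independently configured second tier, and is not contained when the same error is copied to every tier. The rule format, policy, addresses and port list are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port, None matches any port

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int

def host_permits(rules, pkt):
    """First-match evaluation on one firewall host, default deny."""
    for r in rules:
        if ip_address(pkt.src) in ip_network(r.src) and r.dport in (None, pkt.dport):
            return r.action == "allow"
    return False

def chain_permits(tiers, pkt):
    """Hosts in series: a packet gets through only if every tier permits it."""
    return all(host_permits(rules, pkt) for rules in tiers)

# Constructed policy: only HTTPS may reach the protected network.
INTENDED = [Rule("allow", "0.0.0.0/0", 443)]
# Constructed configuration error: a leftover allow-any rule evaluated first.
MISCONFIGURED = [Rule("allow", "0.0.0.0/0", None)] + INTENDED

SINGLE_LAYER = [MISCONFIGURED]                 # one host holds all functions
MULTI_TIER = [MISCONFIGURED, INTENDED]         # second tier configured independently
CLONED_TIERS = [MISCONFIGURED, MISCONFIGURED]  # same error repeated in every layer

def exposed_ports(tiers, ports=(22, 443, 3389), src="203.0.113.7"):
    """Ports from the constructed test list that traverse the whole chain."""
    return [p for p in ports if chain_permits(tiers, Packet(src, p))]

if __name__ == "__main__":
    for name, tiers in [("single layer", SINGLE_LAYER),
                        ("multi-tier", MULTI_TIER),
                        ("multi-tier, cloned config", CLONED_TIERS)]:
        print(f"{name}: exposed ports {exposed_ports(tiers)}")
```

The effective policy of a series chain is the intersection of what each tier permits, so an extra tier only helps when it does not share the first tier's error.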

© Lynne Grewe