5.2: Demilitarized Zones (Questions)
How is a gateway different from a router?
Gateways have to be logged on to and do not have IP forwarding, while routers pass traffic through without user authentication.
What type of computer might exist inside a demilitarized zone (DMZ)?
A web server, FTP server, or email server (publicly accessible resources).
What makes bastion hosts vulnerable to attack? How can you harden bastion hosts?
Bastion hosts are not protected by a firewall device or are purposely exposed; they can be hardened by using lockdown facilities, using a personal firewall, patching your bastion host, using antivirus and anti-spyware, and separating bastion host roles by placing a single application on each server.
How is a honeypot used to increase network security?
Honeypots track info about how attackers go about attacking a system and distract attackers from attacking what actually matters.
A screened subnet uses two firewalls. What is the function of each firewall?
The external firewall connected to the internet allows access to public resources, while the internal firewall connects the screened subnet to the private network so that if the outer firewall fails, the inner firewall still protects the private network.
What is the typical configuration for a DMZ configured as a dual-homed gateway?
The firewall has an interface connected to the internet, an interface connected to the public subnet, and an interface connected to the private network.
