Firewall Design 569
The following services are available to the outside world in the DMZ:
· Anonymous FTP servers
· World Wide Web servers
· Domain Name Service
· E-mail servers
· E-business servers
The choke router shown in Figure 15-7 should also be restricted by service. The choke router
separates the inside network from the DMZ for customers who want to establish another
layer of security. It should allow only established sessions (replies to connections that were
opened from the inside) back into the inside network, and perhaps mail and WWW traffic. If
someone breaks into the public area (the DMZ), the compromised host still cannot open new
connections to the internal users, so they remain protected.
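The choke router filter described above, written out as an added Cisco IOS configuration example (this is not a configuration from the book). The interface names, the 10.1.1.0/24 inside network, the 192.168.100.0/24 DMZ and the DMZ server addresses are all assumed for the example.

```cisco
! Choke router: inside network 10.1.1.0/24 on Ethernet0, DMZ 192.168.100.0/24 on Ethernet1
! (interface names and all addresses are assumed for this example)
!
! Filter applied to traffic entering from the DMZ side, heading toward the inside network
access-list 110 remark DMZ -> inside: only replies to TCP sessions opened from the inside
access-list 110 permit tcp any 10.1.1.0 0.0.0.255 established
access-list 110 remark Optional: the DMZ mail relay may deliver to the internal mail host
access-list 110 permit tcp host 192.168.100.25 host 10.1.1.25 eq smtp
access-list 110 remark Optional: DNS answers from the DMZ name server to inside clients
access-list 110 permit udp host 192.168.100.53 eq domain 10.1.1.0 0.0.0.255
access-list 110 remark Everything else coming out of the DMZ is dropped and logged
access-list 110 deny ip any any log
!
interface Ethernet0
 description Inside network
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet1
 description DMZ side of the choke router
 ip address 192.168.100.1 255.255.255.0
 ip access-group 110 in
```

The `established` keyword matches any TCP segment with the ACK or RST bit set; it does not track connection state, so a DMZ host that has been compromised can still send crafted ACK packets inward. Where the router supports it, stateful inspection (`ip inspect` in the IOS Firewall feature set) or a dedicated stateful firewall is the stronger choice; the access list above is the minimum the text calls for.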
TIP
When designing for security through the perimeter router, allow only specific services to
specific hosts on the DMZ area.
Network Address Translation (NAT)
NAT was designed to conserve public IP addresses by letting internal networks use private IP
addresses (the ranges reserved in RFC 1918). NAT translates these private addresses into
public addresses at the firewall or perimeter router, because only public addresses are routed
across the Internet. NAT can also be configured so that the entire internal network appears
behind a single public address; this is called Port Address Translation (PAT), because the
translator tells inside hosts apart by rewriting their source port numbers. PAT hides the
internal addressing from the outside world, but it is an addressing mechanism rather than a
packet filter: a server that is given a static translation is as reachable as any other public
host, so the access lists described in this chapter are still required.
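The NAT and PAT arrangement described above, as an added Cisco IOS configuration example that is not from the book. The interface names, the inside range 10.1.1.0/24, the DMZ range 192.168.100.0/24, the ISP link address 198.51.100.2 and the public block 203.0.113.0/24 (assumed to be routed to this router by the ISP) are all assumptions made for the example.

```cisco
! Perimeter router: inside hosts share one public address (PAT); DMZ servers get static NAT
! (interface names, the private ranges and the public addresses are assumed for this example)
!
interface Ethernet0
 description Inside network
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 description DMZ
 ip address 192.168.100.1 255.255.255.0
 ip nat inside
!
interface Serial0
 description Link to the ISP
 ip address 198.51.100.2 255.255.255.252
 ip nat outside
!
! Only inside hosts in 10.1.1.0/24 are translated dynamically
access-list 1 permit 10.1.1.0 0.0.0.255
!
! "overload" is what turns NAT into PAT: every inside host leaves with Serial0's address,
! and the router distinguishes their sessions by the translated source port
ip nat inside source list 1 interface Serial0 overload
!
! DMZ servers that the outside world must reach need fixed one-to-one translations
ip nat inside source static 192.168.100.21 203.0.113.21
ip nat inside source static 192.168.100.25 203.0.113.25
ip nat inside source static 192.168.100.53 203.0.113.53
ip nat inside source static 192.168.100.80 203.0.113.80
```

`show ip nat translations` lists the active mappings; with PAT, many inside entries share the one outside address and differ only in port. Note that the static entries are exactly what an attacker can see from the Internet, which is why the DMZ hosts behind them still need the service-specific access list on Serial0.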
Avoid IP Spoofing
Another design rule is to deny packets arriving from outside your network that claim to have a
source address from inside your network. Forging the source address in this way is known as
IP spoofing.
The idea behind this type of attack is that an attacker uses a trusted machine's address in
conjunction with a mechanism that performs address-based authentication. An example is the
UNIX tools rsh and rlogin. These protocols allow an administrator to establish a list of trusted
remote hosts (in /etc/hosts.equiv or a user's .rhosts file) whose users do not need to supply a
password, so a packet carrying a trusted source address is accepted on the strength of that
address alone.
The point here is that along with blocking the private IP network ranges 10.0.0.0 through
10.255.255.255, 172.16.0.0 through 172.31.255.255, and 192.168.0.0 through 192.168.255.255
from entering your network from the outside, you should also block your own internal and
public address ranges as source addresses of packets arriving from the outside. No legitimate
user arrives from the Internet with one of these source addresses.
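The inbound perimeter filter that combines the anti-spoofing rule above with the TIP earlier on this page (only specific services to specific DMZ hosts), as an added Cisco IOS configuration example that is not from the book. Serial0 as the Internet-facing interface, 198.51.100.2 as its address, 203.0.113.0/24 as the organization's public block and the individual DMZ server addresses are all assumed for the example.

```cisco
! Inbound filter on the Internet-facing interface of the perimeter router
! (interface name, the public block 203.0.113.0/24 and the server addresses are assumed)
!
! 1. Anti-spoofing: no packet from the Internet may claim a private or internal source
access-list 120 remark RFC 1918 ranges can never legitimately arrive from the Internet
access-list 120 deny ip 10.0.0.0 0.255.255.255 any log
access-list 120 deny ip 172.16.0.0 0.15.255.255 any log
access-list 120 deny ip 192.168.0.0 0.0.255.255 any log
access-list 120 remark Loopback and our own public addresses are equally impossible as sources
access-list 120 deny ip 127.0.0.0 0.255.255.255 any log
access-list 120 deny ip 198.51.100.0 0.0.0.3 any log
access-list 120 deny ip 203.0.113.0 0.0.0.255 any log
!
! 2. Only specific services to specific DMZ hosts
access-list 120 permit tcp any host 203.0.113.21 eq ftp
access-list 120 permit tcp any host 203.0.113.80 eq www
access-list 120 permit tcp any host 203.0.113.53 eq domain
access-list 120 permit udp any host 203.0.113.53 eq domain
access-list 120 permit tcp any host 203.0.113.25 eq smtp
!
! 3. Replies to sessions opened from the DMZ or from inside hosts behind PAT
access-list 120 permit tcp any 203.0.113.0 0.0.0.255 established
access-list 120 permit tcp any host 198.51.100.2 established
!
! 4. Everything else is dropped and logged
access-list 120 deny ip any any log
!
interface Serial0
 description Link to the ISP
 ip address 198.51.100.2 255.255.255.252
 ip access-group 120 in
```

Order matters: the deny lines sit first so that a spoofed packet is rejected before any permit can match it, and the `log` keyword makes spoofing attempts visible in the router's log. Anonymous FTP in passive mode opens data connections to high ports on the server, which this static list does not allow; that needs either a restricted passive port range permitted explicitly or stateful inspection. On routers that support it, `ip verify unicast reverse-path` on Serial0 rejects packets whose source address would not be routed back out that interface, which catches internal-source spoofing without maintaining the deny list by hand.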
87200333.book Page 569 Wednesday, August 22, 2001 1:41 PM