SunScreen 3.1 Reference Manual

Security Considerations

A company puts its assets at risk when it connects to the Internet. Even so, it might want to provide Internet services for customers and other users of the Internet, while also allowing its employees to connect to the Internet for services or access to corporate information.

SunScreen

SunScreen divides the network into discrete areas, each served by an interface. You set up filtering rules to control the access to one area from another area, which can be another network within your company or an area outside your company.

Figure 2-1 shows a sample map of a simple network in which a Screen in routing mode functions as a firewall and router, connecting the Engineering network over an unsecured public network (the Internet), through a Screen in stealth mode, to other secure networks.

Figure 2-1 Sample Network Map

The ftp-www server might be the public area of the company, also called the demilitarized zone (DMZ), and the engineering, sales, and corporate network segments might be part of the "private" area. SunScreen can then control access between these areas and the rest of the Internet.
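The area-to-area control described above can be sketched as a small policy model. This is an added example, not SunScreen rule syntax or code from the manual; the rule table, the service names, and the first-match, default-deny evaluation are assumptions made for illustration.

```python
from typing import NamedTuple

# Areas named in the sample network; the rule table below is constructed.
PRIVATE = {"engineering", "sales", "corporate"}
ANY = "*"

class Rule(NamedTuple):
    src: str      # source area, or ANY
    dst: str      # destination area, or ANY
    service: str  # service name, or ANY
    action: str   # "allow" or "deny"

# Constructed sample policy: the Internet reaches only the DMZ host.
RULES = [
    Rule("internet", "ftp-www", "www", "allow"),
    Rule("internet", "ftp-www", "ftp", "allow"),
    Rule("engineering", "internet", ANY, "allow"),
    Rule("sales", "internet", "www", "allow"),
    Rule("corporate", "ftp-www", ANY, "allow"),
]

def _match(pattern, value):
    return pattern == ANY or pattern == value

def decide(rules, src, dst, service):
    """Assumed semantics: first matching rule wins, unmatched traffic is denied."""
    for r in rules:
        if _match(r.src, src) and _match(r.dst, dst) and _match(r.service, service):
            return r.action
    return "deny"

def audit(rules):
    """Return allow rules that could admit Internet traffic to a private area.

    Conservative: rule order is ignored, so a rule shadowed by an earlier
    deny is still reported for review.
    """
    findings = []
    for r in rules:
        if r.action != "allow" or r.src not in (ANY, "internet"):
            continue
        if r.dst == ANY or r.dst in PRIVATE:
            findings.append(r)
    return findings

if __name__ == "__main__":
    print(decide(RULES, "internet", "ftp-www", "www"))
    print(decide(RULES, "internet", "engineering", "www"))
    print(audit(RULES + [Rule(ANY, "sales", "ftp", "allow")]))
```

Running `audit` on a rule table before it is activated flags wildcard-source rules, which are an easy way to expose a private area unintentionally.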