The two archetypes commonly referred to as dual firewalls vs. single firewall (also called the three-legged model) are in practice equivalent, because in both designs the DMZ is placed between two sets of controls: its connections from the outside world must be firewalled, and there must also be a firewall restricting access from the DMZ into the internal network.
Fundamentally, this article is concerned with the debate between the single firewall design (three-legged model) and the dual firewall design.
The first design is noticeably better than the second because it has more layers of defence. It illustrates the idea that the outside world, including any potential adversary, has to pass through each of these layers. The firewall-sandwiched, layered DMZ model adds further distinct obstacles to entry for the adversary. If an intruder gets past the first firewall, he still has to get past the next one and any further layers. More significantly, he would have to penetrate the internal firewall before being able to extract any valuable corporate data. The first design is also perceived as safer when the two firewalls come from different vendors, so that a single attack against one firewall product does not defeat both of them. Deploying firewalls from different vendors is sometimes regarded as part of a defence in depth strategy.
Auditors will obviously favour the first design, because on the three-legged model one misconfigured rule may let an adversary take control of the DMZ server, and the situation gets worse as he works toward gaining control inside the network. Note that the first design shows a second firewall on the inside, which has important implications and functions. In particular, the second firewall provides firewalling between the WAN, production and non-production environments, where production servers may access everything. When you deploy a firewall you write rule sets for each direction and each connection, so the first design is functionally the same as the rule set of the second design.
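To make the two claims above concrete (identical rule sets give identical decisions, but one over-broad rule has very different consequences in the two designs), here is an added policy simulation that is not part of the original article. The zone names, the 443/5432 ports, the sample flows and the mistaken rule are all constructed for the example; real firewalls are not involved.

```python
from typing import Optional, Tuple

ANY = None  # wildcard for a zone or port in a rule
Rule = Tuple[Optional[str], Optional[str], Optional[int], bool]  # src, dst, port, allow
Flow = Tuple[str, str, int]                                      # src, dst, port

def firewall_allows(rules, flow):
    """First matching rule wins; no match means the implicit deny applies."""
    src, dst, port = flow
    for r_src, r_dst, r_port, allow in rules:
        if r_src in (ANY, src) and r_dst in (ANY, dst) and r_port in (ANY, port):
            return allow
    return False

def path_allows(firewalls, flow):
    """A flow is permitted only if every firewall on its path permits it."""
    return all(firewall_allows(fw, flow) for fw in firewalls)

def three_legged(rules):
    """Single firewall: every inter-zone flow is judged by the one rule set."""
    return lambda flow: path_allows([rules], flow)

def dual(outer, inner):
    """Outer firewall faces the Internet, inner firewall guards the LAN;
    an Internet<->LAN flow has to satisfy both."""
    def check(flow):
        path = [fw for fw, zone in ((outer, "internet"), (inner, "lan")) if zone in flow[:2]]
        return path_allows(path, flow)
    return check

# Constructed policy: public web tier in the DMZ, database in the LAN.
OUTER = [("internet", "dmz", 443, True)]
INNER = [("dmz", "lan", 5432, True)]
FLOWS = [("internet", "dmz", 443), ("internet", "lan", 5432),
         ("dmz", "lan", 5432), ("dmz", "lan", 22)]
# Constructed mistake: one over-broad rule dropped at the top of the Internet-facing set.
OOPS = ("internet", ANY, ANY, True)

def decisions(check):
    return tuple(check(f) for f in FLOWS)

def baseline_equivalent():
    """With correct rules, both designs reach the same decision for every flow."""
    return decisions(three_legged(OUTER + INNER)) == decisions(dual(OUTER, INNER))

def internet_reaches_lan_db_after_misconfig():
    """(three-legged verdict, dual verdict) for Internet -> LAN database."""
    bad = ("internet", "lan", 5432)
    return (three_legged([OOPS] + OUTER + INNER)(bad), dual([OOPS] + OUTER, INNER)(bad))
```

With the correct rules the two designs agree on every flow; after the mistaken rule, the three-legged firewall lets the Internet reach the LAN database while the dual design's inner firewall still denies it.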
The second design and its DMZ architecture usually appear when there is a cost justification for it, notably when fewer firewalls are required. The majority of security engineers have implemented the single firewall model because it is cheaper to buy and to maintain. Experienced security administrators understand the need to be careful when maintaining firewalls, since the risk of misconfiguration is significant. A single well configured and well maintained firewall will perform better than two firewalls that are left widely exposed because the IT person configuring them is incompetent, which also makes the adversary's job much easier.
Arguably, even the dual firewall architecture can be considered inadequate because it does not implement defence in depth fully. Looking at this diagram, we see only a single access control between the Internet and the DMZ and between the DMZ and the LAN. A highly secure network architecture normally uses vendor separation and multiple layers of access control, such as a web application firewall, anti-virus, an intrusion prevention system, layer 3 firewalls and load balancers. Remember that an attacker does not need to attack the firewalls: the open ports let him go straight through to the web server or the mail server, or straight through to the database.
Major enterprise data centres and major industries such as banking ought to implement a network infrastructure similar to the first diagram, with dual firewalls. Keep in mind that these two diagrams are only two of many ways to design a network with a DMZ. The purpose of such archetypes is to help IT security professionals think about sound methods for designing layered, secure DMZ network architectures. Every organization's needs and budget are different. These diagrams are correct or incorrect only insofar as the security architect has the ingenuity to meet the enterprise's security requirements. To claim that one diagram is unquestionably ideal is simply absurd; there are many counterexamples.