Screened-host firewall—Utilizing a packet filtering router and a bastion host, this approach implements basic
network layer security (packet filtering) and application server security (proxy services). An intruder in this
configuration must penetrate two separate systems before the security of the private network can be compromised.
In this firewall system, the bastion host is connected to the private network, and a packet filtering router sits
between the Internet and the bastion host. Router filtering rules allow inbound traffic to access only the
bastion host, which blocks access to internal systems. Since the inside hosts reside on the same network as the
bastion host, the security policy of the organization determines whether inside systems are permitted direct access to
the Internet, or whether they are required to use the proxy services on the bastion host.
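
The router policy described above can be modelled as a first-match rule list. This is an added example, not part of the original text; the addresses, rule names and the `allow_direct_outbound` switch are constructed for illustration. Only connection initiation is modelled, and reply traffic is assumed to be handled by state tracking on the router.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (private and documentation ranges), not from the text.
PRIVATE_NET = ip_network("192.168.10.0/24")
BASTION = ip_address("192.168.10.5")

SAMPLE_FLOWS = [  # constructed new-connection attempts: (source, destination)
    ("203.0.113.9", "192.168.10.5"),    # Internet -> bastion host
    ("203.0.113.9", "192.168.10.20"),   # Internet -> internal system
    ("192.168.10.20", "198.51.100.7"),  # internal system -> Internet
    ("192.168.10.5", "198.51.100.7"),   # bastion host -> Internet
]


def in_private(addr):
    return ip_address(addr) in PRIVATE_NET


def build_rules(allow_direct_outbound):
    """Ordered (name, predicate, action) rules for the screening router."""
    rules = [
        # Inbound traffic from the Internet may reach only the bastion host.
        ("inbound-to-bastion",
         lambda s, d: not in_private(s) and ip_address(d) == BASTION, "permit"),
        # The bastion host (proxy services) may always reach the Internet.
        ("bastion-outbound",
         lambda s, d: ip_address(s) == BASTION and not in_private(d), "permit"),
    ]
    if allow_direct_outbound:
        # Policy choice: inside systems may go to the Internet directly.
        rules.append(("inside-direct-outbound",
                      lambda s, d: in_private(s) and not in_private(d), "permit"))
    rules.append(("default-deny", lambda s, d: True, "deny"))
    return rules


def decide(rules, src, dst):
    """Return (action, rule name); the first matching rule wins."""
    for name, pred, action in rules:
        if pred(src, dst):
            return action, name
    return "deny", "implicit"


def evaluate(allow_direct_outbound):
    rules = build_rules(allow_direct_outbound)
    return [decide(rules, s, d)[0] for s, d in SAMPLE_FLOWS]


if __name__ == "__main__":
    for policy in (False, True):
        print("direct outbound allowed:", policy, evaluate(policy))
```

With `allow_direct_outbound` set to `False`, the only path from an inside system to the Internet is through the proxy services on the bastion host; in both variants the default-deny rule drops inbound traffic addressed to internal systems.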