Which type of network architecture uses two firewalls placed on either side of a demilitarized zone (DMZ)?

The type of network architecture that utilizes two firewalls placed on either side of a demilitarized zone (DMZ) is a screened subnet. This architecture serves to enhance security by segmenting and isolating a portion of the network, allowing external users to access specific services without gaining direct access to the internal network.

In this configuration, the first firewall acts as the first line of defense, controlling incoming traffic from external sources. The DMZ itself contains servers that need to be accessible from the internet, such as web servers or email servers, while still providing some level of protection against direct attacks on the internal network. The second firewall safeguards the internal network, ensuring that only allowed traffic flows between the DMZ and the internal network.

Using a screened subnet makes it possible to manage and monitor traffic between the external environment and both the DMZ and internal networks, which is essential for protecting sensitive information and maintaining overall security posture. It’s an effective strategy for organizations that require interaction with external systems while ensuring that their core network remains secure.