Dual-homed or dual-homing can refer to either an Ethernet device that has more than one network interface, for redundancy purposes, or in firewall technology, one of the firewall architectures for implementing preventive security.
An example of dual-homed devices are enthusiast computing motherboards that incorporate dual Ethernet network interface cards.
In Ethernet LANs, dual-homing is a network topology whereby a networked device is built with more than one network interface. Each interface or port is connected to the network, but only one connection is active at a time. The other connection is activated only if the primary connection fails. Traffic is quickly rerouted to the backup connection in the event of link failure. This feature was designed to provide telecommunications grade reliability and redundancy to Ethernet networks. [1] Multihoming is a more general category, referring to a device having more than one network connection.
Firewall dual-homing provides the first-line defense and protection technology for keeping untrusted bodies from compromising information security by violating trusted network space.
A dual-homed host (or dual-homed gateway [2] ) is a system fitted with two network interfaces (NICs) that sits between an untrusted network (like the Internet) and trusted network (such as a corporate network) to provide secure access. Dual-homed is a general term for proxies, gateways, firewalls, or any server that provides secured applications or services directly to an untrusted network.
Dual-homed hosts can be seen as a special case of bastion hosts and multi-homed hosts. They fall into the category of application-based firewalls. [3]
Dual-homed hosts can act as firewalls provided that they do not forward IP datagrams unconditionally. [4]
Other firewall architectures include the network-layer firewall types screening router, screened-host, [5] and screened subnet.
A network switch is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device.
Fiber Distributed Data Interface (FDDI) is a standard for data transmission in a local area network. It uses optical fiber as its standard underlying physical medium, although it was also later specified to use copper cable, in which case it may be called CDDI, standardized as TP-PMD, also referred to as TP-DDI.
Network topology is the arrangement of the elements of a communication network. Network topology can be used to define or describe the arrangement of various types of telecommunication networks, including command and control radio networks, industrial fieldbusses and computer networks.
Proxy ARP is a technique by which a proxy server on a given network answers the Address Resolution Protocol (ARP) queries for an IP address that is not on that network. The proxy is aware of the location of the traffic's destination and offers its own MAC address as the destination. The traffic directed to the proxy address is then typically routed by the proxy to the intended destination via another interface or via a tunnel.
A virtual private network (VPN) is a mechanism for creating a secure connection between a computing device and a computer network, or between two networks, using an insecure communication medium such as the public Internet.
In computer security, a DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN): an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is protected behind a firewall. The DMZ functions as a small, isolated network positioned between the Internet and the private network.
Multihoming is the practice of connecting a host or a computer network to more than one network. This can be done in order to increase reliability or performance.
In computer networking, port forwarding or port mapping is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall. This technique is most commonly used to make services on a host residing on a protected or masqueraded (internal) network available to hosts on the opposite side of the gateway, by remapping the destination IP address and port number of the communication to an internal host.
In telecommunications networks, a node is either a redistribution point or a communication endpoint. The definition of a node depends on the network and protocol layer referred to. A physical network node is an electronic device that is attached to a network, and is capable of creating, receiving, or transmitting information over a communication channel. A passive distribution point such as a distribution frame or patch panel is consequently not a node.
Networking hardware, also known as network equipment or computer networking devices, are electronic devices which are required for communication and interaction between devices on a computer network. Specifically, they mediate data transmission in a computer network. Units which are the last receiver or generate data are called hosts, end systems or data terminal equipment.
In computer networking, link aggregation is the combining of multiple network connections in parallel by any of several methods. Link aggregation increases total throughput beyond what a single connection could sustain, and provides redundancy where all but one of the physical links may fail without losing connectivity. A link aggregation group (LAG) is the combined collection of physical ports.
Industrial Ethernet (IE) is the use of Ethernet in an industrial environment with protocols that provide determinism and real-time control. Protocols for industrial Ethernet include EtherCAT, EtherNet/IP, PROFINET, POWERLINK, SERCOS III, CC-Link IE, and Modbus TCP. Many industrial Ethernet protocols use a modified Media Access Control (MAC) layer to provide low latency and determinism. Some microprocessors provide industrial Ethernet support.
Fiber to the x or fiber in the loop is a generic term for any broadband network architecture using optical fiber to provide all or part of the local loop used for last mile telecommunications. As fiber optic cables are able to carry much more data than copper cables, especially over long distances, copper telephone networks built in the 20th century are being replaced by fiber.
A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies.
SpeedTouch is the brand name of a line of networking equipment produced by Alcatel and Technicolor SA. Before 27 January 2010 Technicolor was known as Thomson SA.
Perle Systems is a technology company that develops and manufactures serial to Ethernet, fiber to Ethernet, I/O connectivity, and device networking equipment. These types of products are commonly used to establish network connectivity across multiple locations, securely transmit sensitive information across a LAN, and remotely monitor and control networked devices via out-of-band management.
A unidirectional network is a network appliance or device that allows data to travel in only one direction. Data diodes can be found most commonly in high security environments, such as defense, where they serve as connections between two or more networks of differing security classifications. Given the rise of industrial IoT and digitization, this technology can now be found at the industrial control level for such facilities as nuclear power plants, power generation and safety critical systems like railway networks.
A virtual security switch is a software Ethernet switch with embedded security controls within it that runs within virtual environments such as VMware vSphere, Citrix XenDesktop, Microsoft Hyper-V and Virtual Iron. The primary purpose of a virtual security switch is to provide security measures such as isolation, control and content inspection between virtual machines.
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.
Fiber to the office (FTTO) is an alternative cabling concept for local area network (LAN) network office environments. It combines passive elements and active mini-switches to provide end devices with Gigabit Ethernet. FTTO involves centralised optical fibre cabling techniques to create a combined backbone/horizontal channel; this channel is provided from the work areas to the centralised cross-connect or interconnect by allowing the use of pull-through cables or splices in the telecommunications room.