The Internet is a vast computer network composed of a wide variety of disparate computing devices, interconnected by various connection media, which communicate using the Transmission Control Protocol/Internet Protocol (“TCP/IP”) set of communication protocols. In recent years, it has become increasingly commonplace to interconnect intranets (private networks which also utilize the TCP/IP set of communication protocols) with the Internet. While numerous benefits may be derived from interconnecting an intranet with the Internet, such interconnections pose serious security issues for the intranet. More specifically, an intranet, for example, an internal corporate network, is typically made accessible to only a defined group of users. However, no such limitations apply to the Internet. As a result, when the two are interconnected, there is considerable concern that an unknown and/or untrusted user accessing the intranet via the Internet could vandalize or otherwise manipulate the intranet.
Common practice has been to use a screened subnet to interconnect a trusted network such as an intranet to an untrusted network such as the Internet. Typically, a screened subnet includes one or more servers for providing services to Internet users and at least one firewall which protects the screened subnet and/or the intranet from attacks. While the firewall does provide a certain level of protection to the various servers of the screened subnet, the servers are still considered to be vulnerable to attack. While the web server is at the greatest risk of attack, other servers of the screened subnet, for example, a utility server, are also at risk, particularly if the utility or other server is at the same level as the web server.
It is contemplated that security for a screened subnet which separates an intranet from the Internet may be enhanced by segregating those servers which provide utility and maintenance services for the screened subnet within a secure VLAN. To provide a screened subnet which includes such a VLAN is, therefore, an object of this invention.