What’s a shielded subnet?

Print anything with Printful

A shielded subnet separates public and private functions in a network, with a third portion accessible through a demilitarized zone. Public areas are fully accessible while private information is not. This is a security feature that reduces the risk of external attacks on the intranet.

A shielded subnet is a method of security used in computer networks that have both public and private areas. These systems separate public and private functions into two distinct areas. The local intranet contains the private computers and systems of the network, while the subnet has all the public functions such as web servers or public file storage. When information comes from the Internet, the router determines which section of the system it has access to and sends it accordingly. This is in contrast to a typical network where there is only the intranet on one side of the router and the internet on the other.

In a standard network, a local intranet connects to a router, which directs information to the entire Internet. Inside the router or connected to the router is a firewall that protects the intranet from outside interference. With a shielded subnet, there is a third portion accessible through the router, but not connected directly to the local intranet, which allows access via the Internet. This third section is typically in a demilitarized zone (DMZ), a network term meaning it is not fully protected by network security.

One of the basic distinctions in a shielded subnet is the difference between private and public systems. A private system contains personal computers, workstations, game consoles, and other things used by the owners of the network. The public section contains access points used by people outside your network. Common uses for external connections would be hosting a web page or file server.

Public areas of the network are fully accessible and visible from the Internet, private information is not. Typically, this is accomplished by using a three-port firewall or router. A port connects to the Internet and is used by all incoming and outgoing traffic. The second connects only to the public portions of the system while the third connects only to the private.

Using a shielded subnet is basically a security feature for your network. In a typical external attack, the router and firewall would be examined for any weaknesses. If one were found, the intruder would enter the network and have full access to the intranet. With the use of a shielded subnet, the intruder is more likely to find the public access points and only invade the public section. When a DMZ is in place, public protections are much weaker, making it even more likely that that part of the system will be attacked and the private part left alone.

Protect your devices with Threat Protection by NordVPN

Skip to content