We are independent & ad-supported. We may earn a commission for purchases made through our links.
EasyTechJunkie
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Networking

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is a Screened Subnet?

M. McGee
By
Updated: May 16, 2024

A screened subnet is a protective method used in computer networks that have both public and private areas. These systems separate public and private functions into two distinct areas. The local intranet contains the network’s private computers and systems, while the subnet has all the public functions like webservers or public file storage. When information comes from the Internet, the router determines which section of the system it has access to and sends it off accordingly. This is in contrast to a typical network where there is only the intranet on one side of the router and the Internet on the other.

In a standard network, a local intranet connects to a router, which directs information outwards to the full Internet. Either within the router or connected to the router is a firewall that protects the intranet from outside interference. With a screened subnet, there is a third portion that is accessible through the router, but not connected directly to the local intranet, that allows access via the Internet. This third section is typically in a demilitarized zone (DMZ), a networking term that means it is not fully protected by the network’s security.

One of the basic distinctions in a screened subnet is the difference between private and public systems. A private system contains personal computers, workstations, gaming consoles and other things used by the owners of the network. The public section contains access points that are used by people outside of the network. Common uses for outside connections would be hosting a webpage or file server.

The public areas of the network are fully accessible and visible from the Internet, while the private information is not. Typically, this is accomplished through the use of a three-port firewall or router. One port connects to the Internet and is used by all incoming and outgoing traffic. The second connects only to the public portions of the system while the third connects only to the private.

The use of a screened subnet is basically a security feature for the network. In a typical outside attack, the router and firewall would be probed for weakness. Should one be found, the intruder would enter the network and have full access to the intranet. With the use of a screened subnet, the intruder would be most likely to find the public access points and invade the public section only. When a DMZ is in effect, the public protections are much weaker, making it even more likely that that section of the system would be attacked and the private section would be left alone.

EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
M. McGee
By M. McGee
Mark McGee is a skilled writer and communicator who excels in crafting content that resonates with diverse audiences. With a background in communication-related fields, he brings strong organizational and interpersonal skills to his writing, ensuring that his work is both informative and engaging.
See our Editorial Process Share Feedback

Related Articles

Discussion Comments
M. McGee
M. McGee
Mark McGee is a skilled writer and communicator who excels in crafting content that resonates with diverse audiences....
Learn more
Share
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.