Application-Level Firewalls: Smaller Net, Tighter Filter

Monday, 24 March 2003, 12:57 PM EST

Just when you thought a properly configured firewall would guard your perimeter, along comes the next zero-day vulnerability knocking over your public servers and letting attackers in the front door. Didn't you buy a firewall to stop such attacks? Well, we're going to let you in on a secret: You probably bought a stateful packet-filtering firewall that's effective at blocking network-level attacks but leaves any server available to the world still extremely vulnerable to application-layer attacks.

Application-layer firewalls differ from stateful packet-filtering and circuit-level gateways in several ways. First, application-layer firewalls support multiple application proxies on a single firewall. The proxies sit between the client and server passing data between the two endpoints. Suspicious data is dropped and the client and server never communicate directly with each other. Because application-level proxies are application-aware, the proxies can more easily handle complex protocols like H.323, which is used for videoconferencing and VoIP (voice over IP), and Oracle SQL*Net. Application proxies can be transparent to the client and server--no configuration is required on the client or the server--or nontranparent, letting the client and server address the proxy server directly. Transparency versus nontransparency is a matter of implementation and address hiding rather than security.

[ Read more ]




Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //