Application-Level Firewalls: Smaller Net, Tighter Filter

Monday, 24 March 2003, 12:57 PM EST

Just when you thought a properly configured firewall would guard your perimeter, along comes the next zero-day vulnerability knocking over your public servers and letting attackers in the front door. Didn't you buy a firewall to stop such attacks? Well, we're going to let you in on a secret: You probably bought a stateful packet-filtering firewall that's effective at blocking network-level attacks but leaves any server available to the world still extremely vulnerable to application-layer attacks.

Application-layer firewalls differ from stateful packet-filtering and circuit-level gateways in several ways. First, application-layer firewalls support multiple application proxies on a single firewall. The proxies sit between the client and server, passing data between the two endpoints. Suspicious data is dropped, and the client and server never communicate directly with each other. Because application-level proxies are application-aware, the proxies can more easily handle complex protocols like H.323, which is used for videoconferencing and VoIP (voice over IP), and Oracle SQL*Net. Application proxies can be transparent to the client and server--no configuration is required on the client or the server--or nontransparent, letting the client and server address the proxy server directly. Transparency versus nontransparency is a matter of implementation and address hiding rather than security.
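The difference between the two decision points, as an added example that is not part of the original article: a packet-filter rule that looks only at the destination port, next to an HTTP proxy check that parses the request before relaying it. The policy limits, function names and sample requests are assumptions constructed for illustration.

```python
# Added illustration: policy values and sample requests are constructed.
ALLOWED_PORTS = {80}                        # packet-filter rule: permit inbound TCP/80
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # proxy policy (assumed)
MAX_URI_LEN = 2048                          # proxy policy (assumed)

def packet_filter_allows(dst_port):
    """Network-level decision: addressing only, the payload is never examined."""
    return dst_port in ALLOWED_PORTS

def proxy_inspect(raw):
    """Application-level decision: parse the HTTP request, return (forward, reason).
    Only a request that passes every check would be relayed to the real server."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete header block"
    lines = head.split(b"\r\n")
    try:
        method, uri, version = lines[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return False, "malformed request line"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "unsupported protocol version"
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(uri) > MAX_URI_LEN:
        return False, "request URI too long"
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in uri):
        return False, "control character in URI"
    for line in lines[1:]:
        name, colon, _value = line.partition(b":")
        if not colon or not name.strip() or b" " in name:
            return False, "malformed header"
    return True, "ok"

HOST = b"\r\nHost: www.example.com\r\n\r\n"
SAMPLES = {  # constructed requests, all addressed to TCP/80
    "normal": b"GET /index.html HTTP/1.1" + HOST,
    "oversized_uri": b"GET /" + b"A" * 5000 + b" HTTP/1.1" + HOST,
    "disallowed_method": b"TRACE / HTTP/1.1" + HOST,
    "not_http": b"\x16\x03\x01\x00\xa5\r\n\r\n",
}

def compare(dst_port=80):
    """For each sample: (packet filter verdict, proxy verdict reason)."""
    return {name: (packet_filter_allows(dst_port), proxy_inspect(raw)[1])
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (pf, reason) in compare().items():
        print(f"{name:18} packet filter: {'pass' if pf else 'drop'}   proxy: {reason}")
```

Every sample passes the port-based rule because all of them target TCP/80; only the proxy, which understands the protocol, separates the well-formed request from the other three.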
