Greetings!
Johnston Mark schrieb:
> Could someone please be as kind to explain to me why an application
> level firewall is more secure than a stateful inspection firewall.
Stateful inspection (read: Checkpoint as most others are only stateful -
without inspection) packet filters just let the packets pass and cut the
connection as soon as there is something going awry - hopefully.
Example: Checkpoint Firewall-1
Stateful/Dynamic IP filters only check for IP addresses and ports and
compare them to current connections - and still are called "stateful
inspection" which seems to have become a marketing buzzword. In fact,
nearly each "firewall" or packet filter today is advertised as "stateful
inspection". Worst example (no flames please - read the tech docs, not
the marketing ones): Microsoft ISA server (if run without using HTTP and
Socks proxy), which is a primitive static IP filter comparable to any
(old) router ACLs.
(Transparent) application proxies read the request and open a brand new
connection to the target IP address by themselves. With this, IP-based
attacks (e.g. weird IP flags) always stop at the firewall. In most cases
(specialized) application proxies are more secure as they test (much)
more parameters on the application layer. Checking host names or email
addresses for overly long parts or disallowed special characters should
be handled accordingly. In addition to that a certain amount of
anonymization and masquerading on application level (e.g. header
filtering for SMTP and HTTP) is built in. Examples: Raptor,
TIS/Gauntlet
Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
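As an added illustration (not code from this thread or from any of the products named in it) of the application-layer checks Volker describes: a proxy parses the client's request itself, rejects host names and mail addresses with overly long parts or disallowed characters, drops headers that would reveal internal details, and only then builds the request it sends out on its own new connection. The hostname and address limits follow RFC 1035 and RFC 5321 sizes; the request-target and header-line limits, the allowed method list and the stripped-header set are assumed proxy policy, and the sample requests are constructed.

```python
"""Application-layer request checks of the kind an HTTP/SMTP proxy applies
before opening its own outbound connection. Constructed example; the
policy limits below are assumptions, not those of any named product."""
import re

MAX_HOSTNAME = 253         # RFC 1035: total name length without trailing dot
MAX_LABEL = 63             # RFC 1035: per-label limit
MAX_LOCAL_PART = 64        # RFC 5321: local-part limit
MAX_MAIL_ADDRESS = 254     # RFC 5321: whole address limit
MAX_REQUEST_TARGET = 2048  # assumed proxy policy, not a protocol limit
MAX_HEADER_LINE = 4096     # assumed proxy policy

LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
LOCAL_RE = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+$")  # dot-atom chars
ALLOWED_METHODS = ("GET", "HEAD", "POST")                      # assumed policy

# Headers the proxy drops so internal topology and client software stay hidden
STRIPPED_HEADERS = {"via", "x-forwarded-for", "proxy-connection", "user-agent"}


def check_hostname(name: str) -> bool:
    """Length and character checks on a DNS host name (no IP literals)."""
    name = name.rstrip(".")
    if not name or len(name) > MAX_HOSTNAME:
        return False
    return all(len(label) <= MAX_LABEL and LABEL_RE.match(label)
               for label in name.split("."))


def check_mail_address(addr: str) -> bool:
    """SMTP envelope address: exactly one '@', bounded local part, valid domain."""
    if len(addr) > MAX_MAIL_ADDRESS or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not local or len(local) > MAX_LOCAL_PART or not LOCAL_RE.match(local):
        return False
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False
    return check_hostname(domain)


def filter_http_request(raw: bytes):
    """Parse a client request head; return (ok, reason, sanitized_bytes).
    sanitized_bytes is what the proxy would send on its own new connection."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes in request head", b""
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:
        return False, "incomplete request head", b""
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "malformed request line", b""
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed", b""
    if len(target) > MAX_REQUEST_TARGET:
        return False, "request target too long", b""
    headers, host = [], None
    for line in lines[1:]:
        # Reject oversized lines and any control character other than TAB
        if len(line) > MAX_HEADER_LINE or any(
                (ord(c) < 32 and c != "\t") or ord(c) == 127 for c in line):
            return False, "oversized or control characters in header", b""
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return False, "malformed header line", b""
        key = name.lower()
        if key == "host":
            host = value.strip()
        if key in STRIPPED_HEADERS:
            continue            # dropped: not forwarded on the new connection
        headers.append(f"{name}: {value.strip()}")
    if host is None:
        return False, "missing Host header", b""
    # Strip an explicit port before validating the name itself
    hostpart = host.rsplit(":", 1)[0] if re.match(r".+:\d+$", host) else host
    if not check_hostname(hostpart):
        return False, "invalid host name", b""
    out = "\r\n".join([f"{method} {target} {version}", *headers]) + "\r\n\r\n" + body
    return True, "ok", out.encode("ascii")
```

A packet filter never sees any of these conditions: to it, a 300-character Host header or a NUL byte inside a header line is just payload on an established TCP connection. The proxy, because it must parse the request to build its own, has to decide on each of them, which is the point of the thread.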