This is a bit of a simplification, but let's say that all an SI firewall does is ensure 
that connections from source to destination are established correctly and in line with 
the rulebase you have defined, and are revoked on inactivity.  Let's say it also tracks 
sequence numbers and other details of the connection to ensure no packets sneak 
through that aren't a part of an existing valid connection.

So you would have a rule that says:

Source           Destination      Service      Action
192.168.0.1      10.0.0.1         ldap         Accept

So we allow ldap connections between these two addresses, if the connection is 
instigated by the first.

But as far as the SI firewall is concerned, ldap is just a port number.  It doesn't 
refer to the protocol itself, just the port it uses to communicate.  In most 
situations an SI firewall doesn't understand what ldap *is*, just what port it 
utilises.

So suppose you had PC Anywhere installed on 10.0.0.1, but you configured it to listen 
on 389 (ldap port).  It means you could establish a PCA connection to 10.0.0.1 using 
the above rule that is supposed to be for ldap.

An application firewall works at a higher level.  It knows exactly what ldap is.  So 
traffic passing through is checked to ensure it is actually ldap traffic and nothing 
else.  Usually, the source will make a connection to the firewall, and the application 
firewall will establish a connection to the destination.  This is otherwise known as a proxy.



>>> Johnston Mark <[EMAIL PROTECTED]> 5/22/2001 10:07:28 am >>>
Hi all,

Could someone please be as kind to explain to me why an application level
firewall is more secure than a stateful inspection firewall.

Many thanks
Mark



---------------------------------------------------------------------------------------------------------------------------
CRESTCo Ltd.             The views expressed above are not necessarily those
33 Cannon Street.        held by CRESTCo Limited.
London  EC4M 5SB (UK)      
+44 (020) 7849 0000     http://www.crestco.co.uk 
---------------------------------------------------------------------------------------------------------------------------
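The distinction drawn in the reply above, as an added example that is not part of the original thread: a port-only rule passes anything sent to 389, while a protocol-aware check parses the start of the stream as an LDAPMessage (BER: SEQUENCE, messageID INTEGER, then one of the protocol-op tags from RFC 4511) and rejects anything that is not LDAP. The sample bind request and the non-LDAP banner are constructed for the example.

```python
# BER identifier octets for LDAP protocol ops (RFC 4511, APPLICATION class).
LDAP_OP_TAGS = {
    0x60: "bindRequest", 0x61: "bindResponse", 0x42: "unbindRequest",
    0x63: "searchRequest", 0x64: "searchResEntry", 0x65: "searchResDone",
    0x66: "modifyRequest", 0x67: "modifyResponse", 0x68: "addRequest",
    0x69: "addResponse", 0x4A: "delRequest", 0x6B: "delResponse",
    0x6C: "modDNRequest", 0x6D: "modDNResponse", 0x6E: "compareRequest",
    0x6F: "compareResponse", 0x50: "abandonRequest", 0x77: "extendedReq",
    0x78: "extendedResp"}
LDAP_PORT = 389

def _ber_length(buf, pos):
    """Decode a BER length at buf[pos]; return (length, octets used) or None."""
    if pos >= len(buf):
        return None
    if buf[pos] < 0x80:                       # short form
        return buf[pos], 1
    n = buf[pos] & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):      # LDAP never uses indefinite length
        return None
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), 1 + n

def si_firewall_allows(dst_port, payload):
    """The stateful-inspection rule from the post: 'ldap' is only a port number."""
    return dst_port == LDAP_PORT

def ldap_op(payload):
    """Parse LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE }.
    Return the op name, or None if the bytes are not a well-formed LDAPMessage."""
    if len(payload) < 2 or payload[0] != 0x30:
        return None
    hdr = _ber_length(payload, 1)
    if hdr is None or hdr[0] > len(payload) - 1 - hdr[1]:
        return None                            # truncated or bogus length
    pos, end = 1 + hdr[1], 1 + hdr[1] + hdr[0]
    if pos + 2 > end or payload[pos] != 0x02 or not 1 <= payload[pos + 1] <= 4:
        return None                            # messageID must be a small INTEGER
    pos += 2 + payload[pos + 1]
    if pos >= end or payload[pos] not in LDAP_OP_TAGS:
        return None
    op = _ber_length(payload, pos + 1)
    if op is None or pos + 1 + op[1] + op[0] != end:
        return None                            # op must exactly fill the message
    return LDAP_OP_TAGS[payload[pos]]

def app_firewall_allows(dst_port, payload):
    """Application-layer rule: right port AND the payload really is LDAP."""
    return dst_port == LDAP_PORT and ldap_op(payload) is not None

# Constructed samples: an anonymous LDAPv3 bind, and a made-up banner for some
# other service that has been told to listen on 389 (as in the PCA scenario).
BIND = bytes.fromhex("300c020101600702010304008000")
OTHER = b"HELLO remote-control v1\r\n"
```

Both checks accept the bind; only the port-based one accepts the banner, which is exactly the gap the reply describes.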
