On Tue, 22 May 2001, Johnston Mark wrote:
> Thanks for the reply .....
>
> So an AL firewall is a much more "clever" firewall. Obviously it's much more
> resource intensive 'cos of all the connections that it needs to initiate,
> and connections it needs to "monitor", but my question is how does it know
> what ldap is compared to PCA. Is it something like in packet headers where
> one can determine the type of OS by the packet structure? (passive
> fingerprinting)
>
Which goes along, I think, with my oft-asked question: how deeply does this
app proxy look at the packet to determine what is good and not good
traffic to pass? How often is the packet stream checked to determine the
traffic type and whether it meets the standards of the app proxy? I'm
suspecting that most are not looking much deeper at packets than stateful
packet filters.
Thanks,
Ron DuFresne
> -----Original Message-----
> From: Paul Murphy [mailto:[EMAIL PROTECTED]]
> Sent: 22 May 2001 11:56
> To: [EMAIL PROTECTED]; Johnston Mark
> Subject: Re: Application Level and Stateful Inspection
>
>
>
> This is a bit of a simplification, but let's say that all an SI firewall does
> is ensure that connections from source to destination are established
> correctly and in line with the rulebase you have defined, and are revoked on
> inactivity. Let's say it also tracks sequence numbers and other details of
> the connection to ensure no packets sneak through that aren't a part of an
> existing valid connection.
>
> So you would have a rule that says:
>
> Source       Destination  Service  Action
> 192.168.0.1  10.0.0.1     ldap     Accept
>
> So we allow ldap connections between these two addresses, if the connection
> is instigated by the first.
>
> But as far as the SI firewall is concerned, ldap is just a port number. It
> doesn't refer to the protocol itself, just the port it uses to communicate.
> In most situations an SI firewall doesn't understand what ldap *is*, just
> what port it utilises.
>
> So suppose you had PC Anywhere installed on 10.0.0.1, but you configured it
> to listen on 389 (ldap port). It means you could establish a PCA connection
> to 10.0.0.1 using the above rule that is supposed to be for ldap.
>
> An application firewall works at a higher level. It knows exactly what ldap
> is. So traffic passing through is checked to ensure it is actually ldap
> traffic and nothing else. Usually, the source will make a connection to the
> firewall, and the application firewall will establish a connection to the
> destination. Otherwise known as a proxy.
>
>
>
> >>> Johnston Mark <[EMAIL PROTECTED]> 5/22/2001 10:07:28 am >>>
> Hi all,
>
> Could someone please be as kind to explain to me why an application level
> firewall is more secure than a stateful inspection firewall.
>
> Many thanks
> Mark
>
>
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
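Mark's question ("how does it know what ldap is compared to PCA") and Paul's port-389 example, as an added illustration that is not part of the thread: a stateful rule matches only on addresses and port, whereas an application-level proxy can parse the first client message as a BER-encoded LDAPMessage (SEQUENCE, messageID INTEGER, protocolOp with an APPLICATION tag) and refuse anything else that shows up on 389. The rule table, the bindRequest bytes and the non-LDAP banner are constructed sample data; the BER decoder is a minimal one written for this example.

```python
from ipaddress import ip_address

# Constructed rule table mirroring the one in the thread: "ldap" is port 389.
RULES = [("192.168.0.1", "10.0.0.1", 389, "accept")]

def stateful_decision(src, dst, dport):
    """Stateful-inspection view: match on addresses and port, never on payload."""
    for rsrc, rdst, rport, action in RULES:
        if (ip_address(src) == ip_address(rsrc)
                and ip_address(dst) == ip_address(rdst) and dport == rport):
            return action
    return "drop"

def _ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index after the length)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("bad BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

# protocolOp tags from RFC 2251 ([APPLICATION 0] bind, [APPLICATION 2] unbind, [APPLICATION 3] search)
LDAP_OPS = {0x60: "bindRequest", 0x42: "unbindRequest", 0x63: "searchRequest"}

def looks_like_ldap(first_bytes):
    """Application-level view: is the first client message a plausible LDAPMessage?"""
    try:
        if first_bytes[0] != 0x30:        # LDAPMessage ::= SEQUENCE
            return None
        msg_len, i = _ber_len(first_bytes, 1)
        if msg_len > len(first_bytes) - i:
            return None                   # length claims more than we received
        if first_bytes[i] != 0x02:        # messageID INTEGER
            return None
        id_len, i = _ber_len(first_bytes, i + 1)
        return LDAP_OPS.get(first_bytes[i + id_len])   # protocolOp tag, or None
    except (IndexError, ValueError):
        return None

def proxy_decision(src, dst, dport, first_bytes):
    """Proxy: apply the rule, then insist the payload really is LDAP."""
    if stateful_decision(src, dst, dport) != "accept":
        return "drop"
    op = looks_like_ldap(first_bytes)
    return f"accept ({op})" if op else "drop (not LDAP on 389)"

# Constructed samples: an anonymous LDAPv3 bindRequest (messageID 1), and an
# ASCII banner standing in for some other protocol pointed at port 389.
BIND = bytes.fromhex("300c020101600702010304008000")
NOT_LDAP = b"HELLO REMOTE-CONTROL 1.0\r\n"
```

The stateful check returns "accept" for both samples; only the proxy check tells them apart.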