An application firewall may also be referred to as a proxy-based or reverse-proxy firewall. They provide application-layer filtering and can examine the payload of a packet and distinguish among valid requests, data and malicious code disguised as a valid request or data.
Since this type makes a decision based on the payload's content, it gives security engineers more granular control over network traffic and sets rules to permit or deny specific application requests or commands. For example, it can allow or deny a specific incoming Telnet command from a particular user, whereas other types can only control general incoming requests from a particular host.
If this type of firewall can also prevent an attacker from connecting directly to the network, it works even better. When the firewall lives on a proxy server, it makes it harder for an attacker to discover where the network actually is and creates yet another layer of security.
When there is a proxy firewall in place, both the client and the server are forced to conduct the session through an intermediary -- the proxy server that hosts an application layer firewall. Now, each time an external client requests a connection with an internal server or vice versa, the client will open a connection with the proxy instead.
If the connection meets the criteria in the firewall rule base, the proxy will open a connection to the requested server. Because the firewall is placed in the middle of the logical connection, it can watch traffic for any signs of malicious activity at the application layer.
The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and domain name system (DNS), are being misused. Application layer firewall rules can also be used to control the execution of files or the handling of data by specific applications.
Read More: firewall management services
Since this type makes a decision based on the payload's content, it gives security engineers more granular control over network traffic and sets rules to permit or deny specific application requests or commands. For example, it can allow or deny a specific incoming Telnet command from a particular user, whereas other types can only control general incoming requests from a particular host.
If this type of firewall can also prevent an attacker from connecting directly to the network, it works even better. When the firewall lives on a proxy server, it makes it harder for an attacker to discover where the network actually is and creates yet another layer of security.
When there is a proxy firewall in place, both the client and the server are forced to conduct the session through an intermediary -- the proxy server that hosts an application layer firewall. Now, each time an external client requests a connection with an internal server or vice versa, the client will open a connection with the proxy instead.
If the connection meets the criteria in the firewall rule base, the proxy will open a connection to the requested server. Because the firewall is placed in the middle of the logical connection, it can watch traffic for any signs of malicious activity at the application layer.
The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and recognize when certain applications and protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and domain name system (DNS), are being misused. Application layer firewall rules can also be used to control the execution of files or the handling of data by specific applications.
Read More: firewall management services
No comments:
Post a Comment