594424
Description
Mind Map by Craig Parker, updated more than 1 year ago
|
Created by Craig Parker
over 10 years ago
|
|
u9.3 Firewall Types P3.
Application Level Proxies
- Most complex of the 4 types
- Does more processing and has more features
to support operations on typical networks
- provides the most detailed level of control of traffic
- checks for correct association of services with port numbers
- checks for correct association of services with port numbers
- provides the most detailed level of control of traffic
- Does more processing and has more features
to support operations on typical networks
- Do not route packets between
source and destination
- Always repackage the contents of incoming packets into
new packets that are generated and sent out from the proxy
- Always repackage the contents of incoming packets into
new packets that are generated and sent out from the proxy
- The distinction of an application-level proxy firewall is that it actually
contains a complete OSI layer 7 client and server implementation for
every protocol it can support through the firewall.
- Normally a machine would be just a client or a server
– an application-level proxy firewall has to be both.
- This means the security can
be very fine grained, more
than for any other type of FW
- For example a stateful
packet might allow HTTP
& Block FTP
- an ALP can allow GTTP Get
but block HTTP Post
- Or allow FTP Get but block
exe from being downloaded
- Or allow FTP Get but block
exe from being downloaded
- an ALP can allow GTTP Get
but block HTTP Post
- Provides a greater level of control at a price
- more processing = lowe performance
- more processing = lowe performance
- For example a stateful
packet might allow HTTP
& Block FTP
- This means the security can
be very fine grained, more
than for any other type of FW
- it must contain this functionality for every
protocol it may need to send between clients
& servers on opposite sides of the FW
- the possibilities here mean that ALP
end up being extremely complex
- the possibilities here mean that ALP
end up being extremely complex
- Normally a machine would be just a client or a server
– an application-level proxy firewall has to be both.
Want to create your own Mind Maps for free with GoConqr? Learn more.