Home Page

Firewalls

Email & Spam

Security Terminology

Security Topics

VPN & Cryptography

Wireless

 

Firewalls

Which Network Firewall

Which Home Firewall

Network Firewall Buyers Guide

 

Firewall Terminology

Application Control

Application Layer Filtering

Firewall Authentication

High Availability, Failover, RAID, Clustering, & Redundancy

IPS & IDS Systems

Load Balancing & Link Balancing

NAT

Network Firewall Buyers Guide

Next-Gen vs UTM

Packet Filtering

Parental Control

Perimeter Network or DMZ

Personal or Hardware Firewall?

Ports Protocols and IP Addresses

QOS

Stateful Packet Filtering

SSL-Content-Scanning

UTM

What is a Firewall?

Which home Firewall?

Which Network Firewall?

Zero Day Protection

 

Security Products Guide

Which Anti-Virus Software?

Which Firewall?

Which Spam Filter?

Which Internet Security Suite?

 

What is Guide

What is a Firewall?

What is a Virus?

What is Spam?

 

Essential Security Guides

Securing Windows XP Guide

Securing Windows Vista Guide

A Guide to Wireless Security

 

Other

Top 8 Internet Security Tips

Why both, Firewall and Anti Virus?

Free or purchased security - Which one?

 

 

 

 

Application Layer Filtering - Firewall Advanced Security

 

 

What is Application Layer Filtering - Third Generation

From the traditional attacks such as scanning of open ports on network firewalls, hackers are now attacking applications directly. Packet filtering or stateful firewalls alone can not detect application layer attacks. This is because they analyse the ports, protocols and states of the packets but do not look deep inside the packet. In other words they do not completely disassemble a packet and its content and analyse the content including the payload. This has lead to the emergence of application layer defense mechanisms.

Application layer gateway firewalls also known as proxy based firewalls can monitor and filter on the application layer (Layer 7), as well as doing the traditional filtering such as packet filtering and stateful packet inspection. Application layer proxies are able to look deep within the packets (traffic) content, and look for inconsistencies, invalid or malicious commands, and executable programs.

Many of today's firewalls come with a package of application layer proxies. These proxies will be dedicated to a service or protocol, and understand the granular workings of the protocol. For example a dedicated proxy for the SMTP protocol can be used to detect for invalid commands and parameters used for potential attacks, though blocking these. HTTP and HTTPS application proxies can check for tampering of cookies and invalid character encoding and much more.

Filtering on the application layer offers the best level of security however it is slower and so require more processing power when inspecting each packet. It requires a powerful firewall, however this of course comes with a bigger cost. That said, today's hardware technology such as quad core CPU's have evolved rapidly and so are able to handle resource intensive applications.

For further reading, there's some excellent electronic ebooks available for download from eBooks.com