FYI: The difference between Proxy and Application Level Filters
---------------------------------------------------------------

There is a lot of confusion about which does what and what is 
more secure and which product uses what, so here's my attempt
at clearing up some of the confusion.

First, I'd like to state up front that I am not completely certain
which of the terms "Application Level Filter" or "Application Level Gateway"
is the correct one. Both seem to be popular and interchangeable.

Next, Webster's definition of "Proxy":
"The function or power of a person authorized to act for another."


- Both proxies and ALGs look at application layer data; that is,
  the payload carried inside TCP, UDP, etc.

- The difference is that a proxy (usually) needs to be "ordered"
  to go and do something for the client; that is the definition of
  the word "proxy". Proxies usually require client software support
  for proxies, and also require configuring the software with which proxy
  host and type to use. An ALG operates transparently.

- Unfortunately, many firewall vendors erroneously claim proxy abilities
  when what they really have are ALG capabilities. Not that it makes their
  product any less secure, it's just unfortunate that they do :-)

- To further add to the confusion, a "transparent proxy" is a
  contradiction in terms; people talking about those are usually
  referring to ALGs.


About security:

- Conceptually, Proxies and ALGs are EQUALLY SECURE.
  No, this is _not_ just an opinion of mine. It is a statement of fact.
  However, keep in mind: just as poorly written proxies add next to
  no security, so do poorly written ALGs.


Now. How does Stateful Inspection fit into this picture? Simple:

- In order to be able to do Application Level Filtering, you need
  to keep track of the connections and packet ordering. Hence,
  Stateful Inspection is a prerequisite for ALGs.

How do I know if I have a Proxy or an ALG?

- Try telnetting to the inside interface of your mystery box on port 80.
  If you don't get a connection, it's most likely an ALG.
  If you do, type "GET http://www.somedomain.com/ HTTP/1.0".
  If you get the HTML page from somedomain.com back, it is a proxy;
  otherwise, it's most likely an ALG.
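The telnet test above, scripted as an added example (this is not code from the
original post). It sends the same absolute-URI GET that you would type by hand and
sorts the result into the three outcomes Mike lists. So that it can be run offline,
it also starts two constructed in-process stand-ins on 127.0.0.1: a "proxy" that
answers an absolute-URI request with a page, and an "alg" that accepts the connection
but never serves one (a real ALG would not be listening at all, which is the "no
connect" case). The host names, page body and helper names are all assumptions.

```python
import socket
import threading

# The request you would type into telnet, per the post.
PROBE_REQUEST = b"GET http://www.somedomain.com/ HTTP/1.0\r\n\r\n"
# Constructed sample page; stands in for what a real proxy would fetch.
FAKE_PAGE = b"<html><body>somedomain.com</body></html>"

NO_CONNECT = "no connect (likely ALG)"
PROXY = "proxy"
LIKELY_ALG = "likely ALG"


def classify(connected, response):
    """Map a probe result onto the post's three outcomes."""
    if not connected:
        return NO_CONNECT
    head, sep, body = response.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    # A proxy fetched the page for us: 200 status with HTML in the body.
    if status_line.startswith(b"HTTP/") and b" 200 " in status_line \
            and b"<html" in body.lower():
        return PROXY
    # Connected, but no page came back: the box is not acting on our behalf.
    return LIKELY_ALG


def probe(host, port, timeout=3.0):
    """Connect to host:port, send the absolute-URI GET, classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PROBE_REQUEST)
            chunks = []
            while True:
                try:
                    data = s.recv(4096)
                except socket.timeout:
                    break  # peer went quiet; treat what we have as the answer
                if not data:
                    break  # peer closed the connection
                chunks.append(data)
            return classify(True, b"".join(chunks))
    except OSError:
        return classify(False, b"")


def start_fake_box(kind):
    """Constructed stand-in for a 'mystery box' on 127.0.0.1; returns its port.

    kind="proxy": answers an absolute-URI GET with FAKE_PAGE.
    kind="alg":   accepts the connection but closes it without a page.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.settimeout(2.0)
                try:
                    request = conn.recv(4096)
                except OSError:
                    continue
                if kind == "proxy" and request.startswith(b"GET http://"):
                    conn.sendall(b"HTTP/1.0 200 OK\r\n"
                                 b"Content-Type: text/html\r\n\r\n" + FAKE_PAGE)
                # "alg" stand-in: fall through and close without answering.

    threading.Thread(target=loop, daemon=True).start()
    return port


def unused_port():
    """Pick a local port with nothing listening, for the 'no connect' case."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    print("proxy stand-in :", probe("127.0.0.1", start_fake_box("proxy")))
    print("alg stand-in   :", probe("127.0.0.1", start_fake_box("alg")))
    print("closed port    :", probe("127.0.0.1", unused_port()))
```

Against a real box, call probe() with the inside address of the firewall and port 80
instead of the stand-ins; the classification logic is the same.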

Lastly, remember that there are products that combine both proxying and
application level filtering.

*phew*! That's the end of today's public education services. :-)

Regards,
Mike

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]