The key to deploying a proper security infrastructure is to know what
each component is designed to do.
STATEFUL INSPECTION
Stateful Inspection firewalls can see everything a proxy firewall can see
(Layer 4-7); in addition, they can match and prevent protocol-level
attacks (Layer 1-3) more efficiently. Drawback: not application aware, and
they require 3rd party filtration or services for protocol stream level
scrutiny. Best usage: Entry point barricade to protect public servers or
DMZ due to speed, versatility, and ability to perform packet by packet
analysis of current, previous, and next session state against your
security policy.
APPLICATION PROXIES
Application-Layer Proxies can look at the protocol stream and inspect the
stream for specific anomalies and application specific state detection.
The drawback is that they can open up to protocol level attacks
(Layer 1-3) and are very difficult to implement due to protocol & SW
specific knowledge needed to customize a defence (i.e. ICQ, BACK ORIFICE
etc.). Another drawback is Operating System flaws and patches dependency
(NT/UNIX), and slow performance.
Best usage: Backend firewall between your Stateful Inspection firewall
and the internal network where your Database servers reside.
A best of breed practice approach for each component in the area they
were designed to shine is always prudent.
ciao!
[EMAIL PROTECTED] wrote:
> What is better Adaptive proxies or Stateful Packet Inspection?
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]