There are two main differences.
A stateful inspection firewall monitors packets going THROUGH the firewall.
A proxy (application level gateway) forms 2 separate connections, one on each side. It
carries the data from one side to the other, examining it for protocol correctness on
the way. But the packets are terminated on each side.
Neither is really better than the other. They just have different pros and cons.
Stateful Inspection              Application Gateway
Fast                             Thorough
examines TCP/IP                  depends on host OS TCP/IP stack
can be fooled by trick packets   has high overhead
The best idea is to use the appropriate technology for the need. Stateful Inspection
firewalls are very good for protecting server farms where the hosts themselves will be
hardened and the application services are limited. They protect the servers from
breakage of the TCP/IP protocol and hide ports and protocols behind them. They allow a
high throughput but don't protect from errors in services (http, ftp, smtp) syntax.
Application gateways are better for protecting desktop users from the internet. They
can block more attacks directed at your internal network (but not trojans or viruses
(mainly)). But they do this by examining each byte, making them considerably slower.
They are also subject to problems of the platform they run on.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, January 18, 2001 22:36
To: [EMAIL PROTECTED]
Subject: state-inspect firewall
hi folks:
I want to understand the difference between state-inspect firewall and
app firewall in essence, which is better and why?
thanks for your help
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
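
The contrast drawn in the reply above, as an added example that is not part of the original thread or of any firewall product's code: a Python model in which a stateful filter passes any payload on an established flow, while an application gateway terminates the client side and re-issues only well-formed SMTP commands. The class names, addresses, traffic, the verb list and the simplified flag strings are assumptions made for illustration; only the SMTP command phase is modelled.

```python
# Added illustration: names, addresses and traffic below are constructed.
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # SMTP command line limit including CRLF (RFC 5321)

class StatefulFilter:
    """Packets pass THROUGH; only TCP state per flow is tracked, never payload."""
    def __init__(self):
        self.flows = {}  # (src, sport, dst, dport) -> handshake state
    def inspect(self, src, dst, flags, payload=b""):
        key, rev = src + dst, dst + src
        if flags == "S" and dst[1] == 25:              # policy: SMTP only
            self.flows[key] = "SYN_SENT"
        elif flags == "SA" and self.flows.get(rev) == "SYN_SENT":
            self.flows[rev] = "SYN_RCVD"
        elif flags == "A" and self.flows.get(key) == "SYN_RCVD":
            self.flows[key] = "ESTABLISHED"
        else:  # anything else passes only on an established flow, unread
            return "ESTABLISHED" in (self.flows.get(key), self.flows.get(rev))
        return True

class SmtpGateway:
    """Terminates the client connection; re-issues only well-formed commands."""
    def __init__(self):
        self.to_server = []  # stands in for the second, server-side connection
    def relay(self, line):
        body = line[:-2]
        if len(line) > MAX_LINE or not line.endswith(b"\r\n"):
            return False
        if any(b < 0x20 or b > 0x7E for b in body):    # printable ASCII only
            return False
        if body.split(b" ", 1)[0].decode("ascii").upper() not in ALLOWED_VERBS:
            return False
        self.to_server.append(line)
        return True

def demo():
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 25)
    good = b"MAIL FROM:<alice@example.org>\r\n"
    bad = b"MAIL FROM:<" + b"A" * 2000 + b">\r\n"      # overlong command line
    fw, gw = StatefulFilter(), SmtpGateway()
    shake = [fw.inspect(client, server, "S"), fw.inspect(server, client, "SA"),
             fw.inspect(client, server, "A")]
    return {"handshake": shake,
            "filter": [fw.inspect(client, server, "PA", p) for p in (good, bad)],
            "stray": StatefulFilter().inspect(client, server, "PA", good),
            "gateway": [gw.relay(p) for p in (good, bad)],
            "forwarded": gw.to_server}

if __name__ == "__main__":
    print(demo())
```

The stateful filter rejects the data segment that belongs to no tracked flow but forwards both command lines once the handshake is complete; the gateway forwards only the well-formed one.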