Title: Re: Application Level and Stateful Inspection

Thanks for the reply .....

So an AL firewall is a much more "clever" firewall. Obviously it's much more resource intensive because of all the connections that it needs to initiate, and connections it needs to "monitor", but my question is: how does it know what ldap is compared to PCA? Is it something like in packet headers, where one can determine the type of OS by the packet structure (passive fingerprinting)?

-----Original Message-----
From: Paul Murphy [mailto:[EMAIL PROTECTED]]
Sent: 22 May 2001 11:56
To: [EMAIL PROTECTED]; Johnston Mark
Subject: Re: Application Level and Stateful Inspection



This is a bit of a simplification, but let's say that all an SI firewall does is ensure that connections from source to destination are established correctly and in line with the rulebase you have defined, and are revoked on inactivity.  Let's say it also tracks sequence numbers and other details of the connection to ensure no packets sneak through that aren't a part of an existing valid connection.

So you would have a rule that says:

Source          Destination     Service     Action
192.168.0.1     10.0.0.1        ldap        Accept

So we allow ldap connections between these two addresses, if the connection is instigated by the first.

But as far as the SI firewall is concerned, ldap is just a port number.  It doesn't refer to the protocol itself, just the port it uses to communicate.  In most situations an SI firewall doesn't understand what ldap *is*, just what port it utilises.

So suppose you had PC Anywhere installed on 10.0.0.1, but you configured it to listen on 389 (ldap port).  It means you could establish a PCA connection to 10.0.0.1 using the above rule that is supposed to be for ldap.

An application firewall works at a higher level.  It knows exactly what ldap is.  So traffic passing through is checked to ensure it is actually ldap traffic and nothing else.  Usually, the source will make a connection to the firewall, and the application firewall will establish a connection to the destination.  This is otherwise known as a proxy.



>>> Johnston Mark <[EMAIL PROTECTED]> 5/22/2001 10:07:28 am >>>
Hi all,

Could someone please be so kind as to explain to me why an application level
firewall is more secure than a stateful inspection firewall?

Many thanks
Mark



---------------------------------------------------------------------------------------------------------------------------

CRESTCo Ltd.             The views expressed above are not necessarily those
33 Cannon Street.        held by CRESTCo Limited.
London  EC4M 5SB (UK)     
+44 (020) 7849 0000     http://www.crestco.co.uk
---------------------------------------------------------------------------------------------------------------------------
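To illustrate the port-versus-protocol distinction Paul describes, and Mark's follow-up question of how a proxy tells ldap from PCA on port 389, here is a small Python example. It is added here and is not code from the thread or from any firewall product. It assumes only the LDAPMessage encoding from the LDAP RFCs (RFC 2251/4511): a BER SEQUENCE containing an INTEGER messageID followed by an application-tagged protocolOp. The "PCA" payload is a constructed placeholder, not real pcAnywhere traffic; the point is that it is not LDAP.

```python
"""
Port-only filtering versus protocol-aware (proxy-style) inspection of the
first client message on a connection to TCP/389.  Added example; the byte
strings below are constructed for the demo.
"""

LDAP_PORT = 389

# Application tags of the LDAP request operations a client may send first on
# a fresh connection (RFC 4511, section 4.1.1).  Subset kept short on purpose.
LDAP_REQUEST_OPS = {
    0x60: "BindRequest",      # [APPLICATION 0] SEQUENCE (constructed)
    0x42: "UnbindRequest",    # [APPLICATION 2] NULL     (primitive)
    0x63: "SearchRequest",    # [APPLICATION 3] SEQUENCE
    0x77: "ExtendedRequest",  # [APPLICATION 23] SEQUENCE
}


def _read_tlv(buf: bytes, pos: int):
    """Decode one BER tag/length/value at buf[pos:].

    Returns (tag, value, next_pos).  Handles short-form and long-form
    (up to 4 byte) lengths, single-byte tags only (all LDAP needs).
    Raises ValueError on any truncation or malformed length.
    """
    if pos + 2 > len(buf):
        raise ValueError("truncated tag/length")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length in one byte
        length = first
    else:                                 # long form: 0x8n, then n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value truncated")
    return tag, buf[pos:pos + length], pos + length


def classify_ldap(payload: bytes):
    """Return the request-op name if payload starts with a well-formed
    LDAPMessage carrying a known client request, otherwise None."""
    try:
        tag, body, _ = _read_tlv(payload, 0)
        if tag != 0x30:                   # LDAPMessage ::= SEQUENCE
            return None
        id_tag, id_val, p = _read_tlv(body, 0)
        if id_tag != 0x02 or not 1 <= len(id_val) <= 4:   # messageID INTEGER
            return None
        op_tag, _, _ = _read_tlv(body, p)  # protocolOp CHOICE (app tag)
        return LDAP_REQUEST_OPS.get(op_tag)
    except ValueError:
        return None


def port_filter_decision(dst_port: int, payload: bytes) -> str:
    """What the thread's rule does: 'ldap' means port 389, nothing more."""
    return "Accept" if dst_port == LDAP_PORT else "Drop"


def application_proxy_decision(dst_port: int, payload: bytes) -> str:
    """Port must match AND the first message must actually be LDAP."""
    if dst_port != LDAP_PORT:
        return "Drop"
    return "Accept" if classify_ldap(payload) else "Drop"


# Constructed sample traffic (not captures):
#   anonymous LDAPv3 simple bind, messageID 1
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")
#   same bind with a long-form length byte (0x81 0x0c) - still valid BER
LDAP_BIND_LONGFORM = bytes.fromhex("30810c020101600702010304008000")
#   some other program listening on 389 (placeholder bytes, not real pcAnywhere)
NOT_LDAP = b"\x00\x00\x00\x00HELLO\r\n"


if __name__ == "__main__":
    for name, data in (("ldap bind", LDAP_BIND), ("non-ldap", NOT_LDAP)):
        print(f"{name:10} port-filter={port_filter_decision(389, data):6} "
              f"proxy={application_proxy_decision(389, data)}")
```

Only the first client message is examined here; a real application proxy would decode every message in both directions and enforce the protocol's state (for example, refusing a SearchRequest on a connection that never bound), and even then it only guarantees that the traffic is syntactically LDAP, not that the application behind port 389 is the one you intended.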
