The Ethical Hacker Network - How Application filtering in fire-wall works?

Latest Additions

Who's Online

manoj9372

Jr. Member

Offline

Posts: 72

How Application filtering in fire-wall works?

« on: October 03, 2010, 02:11:01 PM »

I have a doubt regarding how Firewalls actually filtering out Traffic based on Applications?

Assume U have restricted or filtered the use of fire-fox browser in the network(Kind of application filtering in the firewall)

So Assume a user has installed mozilla fire-fox Application in a pc on the network and started using internet,

In this case how actually an firewall can detect the traffic is orginated from the fire-fox application?

and how it differentiates traffic from 2 different browsers?

Thinked some thing regarding how it get filtered on firewalls ,but i can't able to figure out how?

So please help me by making this thing clear...

hope i will get some explanations....


	Logged

ajohnson

Recruiters
Hero Member

Offline

Posts: 1057

aka dynamik

Re: How Application filtering in fire-wall works?

« Reply #1 on: October 03, 2010, 05:44:08 PM »

It could look at the user agent that's being reported, but that's something that's easy to change. Application in this context doesn't really refer to a specific application that the client is using, but rather the protocol that is in use. It's referring to the application layer of the OSI/TCP models. For example, a packet filtering firewall could be configured to do something like only allow outbound traffic with a destination port of port 80 (standard HTTP).

However, I could do something like run SSH on that port and create a semi-covert channel. The firewall wouldn't have any problems with that since I'm adhering to the rules. However, an application-level firewall would actually perform deeper packet inspection and notice that I'm not making HTTP connections. If it was configured to only allow HTTP, my connection would be denied and logs/alerts would be generated.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

COm_BOY

Full Member

Offline

Posts: 129

LivinG DeaD

Re: How Application filtering in fire-wall works?

« Reply #2 on: October 08, 2010, 07:45:49 AM »

Generally speaking there are modules available into firewall which would help you do content inspections . like Cisco ASA is a frewall and CSC-SSM is a content inspection module . Other open source firewall distro. are also offering inspection features . I dont think content inspection is typically a part of firewall but days are changing and we would soon see almost all network based firewalls having content inspections

since its becoming a must these days apart from the costing factor


	Logged

It has become appallingly obvious that our technology has exceeded our humanity.

former33t

Full Member

Offline

Posts: 226

Re: How Application filtering in fire-wall works?

« Reply #3 on: October 12, 2010, 09:56:11 AM »

It sounds like you might be trying to detect illicit software installs on your client machines. There are much more reliable ways to do that than using a firewall. Look at client side solutions to protect the endpoint. These are much more reliable for detecting the sorts of changes you mention.


	Logged

Certifications: CREA, MCSE: Security, CCNA, Security+, other junk

COm_BOY

Full Member

Offline

Posts: 129

LivinG DeaD

Re: How Application filtering in fire-wall works?

« Reply #4 on: October 12, 2010, 11:51:03 AM »

Can u tell us which firewall you are having ? Cisco is offering NBAR for its firewall and routers but basically its not something to block , it like MPF offering different policies on different sets however NBAR can also be used to block application . It all depends which kind of equipment you are having