manoj9372 (Participant), October 3, 2010 at 7:11 pm, #5650

I have a doubt regarding how firewalls actually filter out traffic based on applications.
Assume you have restricted or filtered the use of the Firefox browser in the network (a kind of application filtering in the firewall).
So assume a user has installed the Mozilla Firefox application on a PC in the network and started using the internet.
In this case, how can a firewall actually detect that the traffic originated from the Firefox application?
And how does it differentiate traffic from two different browsers?
I thought about how it gets filtered on firewalls, but I can't figure out how.
So please help me by making this clear...
I hope I will get some explanations...
dynamik (Participant), October 3, 2010 at 10:44 pm, #35544

It could look at the user agent that's being reported, but that's something that's easy to change. Application in this context doesn't really refer to a specific application that the client is using, but rather the protocol that is in use. It's referring to the application layer of the OSI/TCP models. For example, a packet filtering firewall could be configured to do something like only allow outbound traffic with a destination port of port 80 (standard HTTP).
However, I could do something like run SSH on that port and create a semi-covert channel. The firewall wouldn't have any problems with that since I'm adhering to the rules. However, an application-level firewall would actually perform deeper packet inspection and notice that I'm not making HTTP connections. If it was configured to only allow HTTP, my connection would be denied and logs/alerts would be generated.
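The difference between port-based filtering and application-layer inspection described in this reply can be shown in a few lines of code. The following is an added example written for this thread, not code from any poster or from a real firewall product: it takes the first client-to-server bytes of a TCP flow, identifies the application protocol from the payload (HTTP request line, SSH banner, TLS handshake record), and compares a plain port filter against a policy that insists the protocol actually seen on port 80 is HTTP. It also pulls the HTTP User-Agent header out, which is the easily spoofed signal mentioned above. All flows and payloads are constructed sample data; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Request line of an HTTP/1.x request: "GET /path HTTP/1.1\r\n".
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n"
)


@dataclass
class Flow:
    """Constructed stand-in for a captured TCP flow (first client bytes only)."""
    src: str
    dst: str
    dst_port: int
    payload: bytes


def identify_protocol(payload: bytes) -> str:
    """Classify the application protocol from the first bytes the client sends,
    regardless of the port the flow is using."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    # SSH clients open with an identification string (RFC 4253).
    if payload.startswith(b"SSH-2.0-") or payload.startswith(b"SSH-1.99-"):
        return "ssh"
    # TLS record: content type 0x16 (handshake), version major byte 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"


def user_agent(payload: bytes) -> Optional[str]:
    """Return the User-Agent header of an HTTP request, or None. This is the
    client-reported value, so it is trivially changed by the client."""
    if identify_protocol(payload) != "http":
        return None
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"user-agent:"):
            return line.split(b":", 1)[1].strip().decode("ascii", "replace")
    return None


def port_filter(flow: Flow, allowed_ports=frozenset({80})) -> str:
    """Stateless packet filter: only the destination port is consulted."""
    return "allow" if flow.dst_port in allowed_ports else "deny"


def app_filter(flow: Flow, policy=(("80", "http"),)) -> tuple:
    """Application-aware filter: the port must be permitted AND the payload
    must carry the protocol the policy expects on that port."""
    expected = dict(policy).get(str(flow.dst_port))
    if expected is None:
        return "deny", f"port {flow.dst_port} not permitted"
    seen = identify_protocol(flow.payload)
    if seen != expected:
        return "deny", f"expected {expected} on port {flow.dst_port}, saw {seen}"
    return "allow", f"{seen} on port {flow.dst_port} matches policy"


# Constructed sample flows: a normal browser request, SSH tunnelled over
# port 80, TLS on port 80, and HTTP on a non-standard port.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "192.0.2.10", 80,
         b"GET / HTTP/1.1\r\nHost: example.com\r\n"
         b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:3.6) Firefox/3.6\r\n\r\n"),
    Flow("10.0.0.5", "192.0.2.20", 80, b"SSH-2.0-OpenSSH_5.5\r\n"),
    Flow("10.0.0.5", "192.0.2.30", 80, b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b"),
    Flow("10.0.0.5", "192.0.2.40", 8080, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
]


def compare_filters(flows=SAMPLE_FLOWS) -> list:
    """Run both filters over the flows; returns (dst, port, proto, port_verdict, app_verdict)."""
    results = []
    for f in flows:
        results.append((f.dst, f.dst_port, identify_protocol(f.payload),
                        port_filter(f), app_filter(f)[0]))
    return results


if __name__ == "__main__":
    for dst, port, proto, pv, av in compare_filters():
        print(f"{dst}:{port:<5} proto={proto:<8} port-filter={pv:<6} app-filter={av}")
    print("User-Agent of first flow:", user_agent(SAMPLE_FLOWS[0].payload))
```

Running it shows the SSH-over-80 flow passing the port filter and being denied by the application-aware one, which is exactly the gap the reply describes; the User-Agent line is printed only to make the point that it is data the client chooses to send.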
COm_BOY (Participant), October 8, 2010 at 12:45 pm, #35545

Generally speaking, there are modules available for firewalls which would help you do content inspection. For example, Cisco ASA is a firewall and CSC-SSM is a content inspection module. Other open source firewall distros are also offering inspection features. I don't think content inspection is typically a part of a firewall, but days are changing and we will soon see almost all network-based firewalls having content inspection 🙂 since it's becoming a must these days, apart from the cost factor.
former33t (Participant), October 12, 2010 at 2:56 pm, #35546

It sounds like you might be trying to detect illicit software installs on your client machines. There are much more reliable ways to do that than using a firewall. Look at client side solutions to protect the endpoint. These are much more reliable for detecting the sorts of changes you mention.
COm_BOY (Participant), October 12, 2010 at 4:51 pm, #35547

Can you tell us which firewall you have? Cisco is offering NBAR for its firewalls and routers, but basically it's not something to block with; it's like MPF, offering different policies on different sets. However, NBAR can also be used to block applications. It all depends on which kind of equipment you have.