.

How Application filtering in fire-wall works?

<<

manoj9372

Jr. Member
Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Sun Oct 03, 2010 2:11 pm

How Application filtering in fire-wall works?

I have a doubt regarding how Firewalls actually filtering out Traffic based on Applications?

Assume U have restricted or filtered the use of fire-fox browser in the network(Kind of application filtering in the firewall)

So Assume a user has installed mozilla fire-fox Application in a pc on the network and started using internet,

In this case how actually an firewall can detect the traffic is orginated from the fire-fox application?

and how it differentiates traffic from 2 different browsers?

Thinked some thing regarding how it get filtered on firewalls ,but i can't able to figure out how?

So please help me by making this thing clear...

hope i will get some explanations....
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Oct 03, 2010 5:44 pm

Re: How Application filtering in fire-wall works?

It could look at the user agent that's being reported, but that's something that's easy to change. Application in this context doesn't really refer to a specific application that the client is using, but rather the protocol that is in use. It's referring to the application layer of the OSI/TCP models. For example, a packet filtering firewall could be configured to do something like only allow outbound traffic with a destination port of port 80 (standard HTTP).

However, I could do something like run SSH on that port and create a semi-covert channel. The firewall wouldn't have any problems with that since I'm adhering to the rules. However, an application-level firewall would actually perform deeper packet inspection and notice that I'm not making HTTP connections. If it was configured to only allow HTTP, my connection would be denied and logs/alerts would be generated.
The day you stop learning is the day you start becoming obsolete.
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Fri Oct 08, 2010 7:45 am

Re: How Application filtering in fire-wall works?

Generally speaking there are modules available into firewall which would help you do content inspections . like Cisco ASA is a frewall and CSC-SSM is a content inspection module . Other open source firewall distro. are also offering inspection features . I dont think content inspection is typically a part of firewall but days are changing and we would soon see almost all network based firewalls having content inspections :) since its becoming a must these days apart from the costing factor
It has become appallingly obvious that our technology has exceeded our humanity.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue Oct 12, 2010 9:56 am

Re: How Application filtering in fire-wall works?

It sounds like you might be trying to detect illicit software installs on your client machines.  There are much more reliable ways to do that than using a firewall.  Look at client side solutions to protect the endpoint.  These are much more reliable for detecting the sorts of changes you mention.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Tue Oct 12, 2010 11:51 am

Re: How Application filtering in fire-wall works?

Can u tell us which firewall you are having ? Cisco is offering NBAR for its firewall and routers but basically its not something to block , it like MPF offering different policies on different sets however NBAR can also be used to block application . It all depends which kind of equipment you are having
It has become appallingly obvious that our technology has exceeded our humanity.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software