Security Basics mailing list archives

Re: Application Firewall

From: "Sanjay R" <2sanjayr () gmail com>
Date: Fri, 1 Aug 2008 19:09:36 +0530

On Fri, Aug 1, 2008 at 2:30 PM, ॐ aditya mukadam ॐ
<aditya.mukadam () gmail com> wrote:

sanjay>> Application level firewalls are firewalls. Proxy, if used in
a special way, is a type of application level firewall. however, it
will be nice and interesting to hear "why application level firewall
is NOT a firewall?"


Aditya:For a firewall to work at application level, you would (90% of
the time) need to proxy the traffic through it for best results. So,
we can call it 'application level firewall' or 'intelligent proxies'.

sanjay>> Agreed and this is what i wanted to say. My confusion was
your statement that " Application level firewalls are actually not
firewalls." Firewall is a concept/mechanism to provide some access
control. Based on the information that you require to have access
control, the more granularity to you want, higher in the stack you
move on. Proxy, as name suggests, are just proxy for some application
i.e it understands that application very well. So, if you take
advantage to this understanding and mingle some control mechanism, it
becomes Application firewall.  for this same reason, we have many
proxies (only proxies) out there, like Webscarab etc and they are not
come under firewall.


Take a look at below links which would throw some moe light on this topic.

http://en.wikipedia.org/wiki/Application_layer_firewall
http://www.networkcomputing.com/1405/1405f3.html

It would be interesting to know Which firewalls have you worked on ?
Any Application level firewall ?

sanjay>> Yes. ISA, to name one.


Thanks,
Aditya Govind Mukadam

On Wed, Jul 30, 2008 at 8:22 PM, Sanjay R <2sanjayr () gmail com> wrote:

sorry for a late response. ..

On Fri, Jul 18, 2008 at 7:26 PM, ॐ aditya mukadam ॐ
<aditya.mukadam () gmail com> wrote:

Application level firewalls are actually not firewalls but can be
called as intelligent proxies. Cisco ASA is a stateful firewall.

sanjay>> Application level firewalls are firewalls. Proxy, if used in
a special way, is a type of application level firewall. however, it
will be nice and interesting to hear "why application level firewall
is NOT a firewall?"


I know BlueCoat proxy which would categorize as application level firewall.

Thanks,
Aditya Govind Mukadam

On Thu, Jul 17, 2008 at 7:44 PM,  <ams.sec () gmail com> wrote:

Hi everyone,

Can anyone please list out some name of application level firewalls. Would Cisco ASA qualify as a application 
firewall? I have heard it needs certain addons to provide application screening functionality. Thanks a zillion.

Ams




--
Computer Security Learner




-- 
Computer Security Learner

Current thread:

Re: Application Firewall ॐ aditya mukadam ॐ (Aug 03)
- Re: Application Firewall Sanjay R (Aug 03)
- Test Case on Firewall/IDS/Swithches and Routers/Load Balancer harshad.mengle (Aug 05)
  - Re: Test Case on Firewall/IDS/Swithches and Routers/Load Balancer ॐ aditya mukadam ॐ (Aug 06)
- <Possible follow-ups>
- Re: Application Firewall Steve Armstrong (Aug 03)