Security Basics mailing list archives
Re: Application Firewall
From: "ॐ aditya mukadam ॐ" <aditya.mukadam () gmail com>
Date: Tue, 22 Jul 2008 08:45:17 +0530
Definition of firewall would change depending on the which Layer of TCP/IP you are at . I agree BlueCoat is an application proxy as its name suggests 'BlueCoat Proxy ! You can do quite lot of things with it and also configure rules based on the source IPs,Destination IPs, Services etc. You can even integrate this with Websense. It is quite a powerful device.( Disclaimer: These are my personal views based on my experience and I donot intend to market this product through this mailing-list :-) ) Thanks, Aditya Govind Mukadam On Fri, Jul 18, 2008 at 8:50 PM, Bryan S. Sampsel <bsampsel () libertyactivist org> wrote:
Actually, that's not quite true. The BlueCoat is a specialized device that protects one thing. However, I would not deploy it in the open on its own, as I would a Borderware or Sidewinder firewall. It's an application proxy, but it is not a full firewall in and of itself. A Sidewinder, even before they added packet filter capabilities, does qualify as a firewall. As did the old Raptor and Gauntlet firewalls. The Cisco ASA is a stateful packet inspection firewall, but does not protect the upper areas of the OSI model. Nor does it present a hardened IP stack between two ends of a protected connection. It filters the connection, but when a connection is allowed, it is directly connected to the end point. Whereas, with the Sidewinder Firewall, if an FTP proxy is sitting between the client and server, the client connects to the proxy and hardened IP stack of the Sidewinder. The Sidewinder's proxy, which does have some additional protections/limitations that can be configured, then initiates the connection to the server on behalf of the client. Even when using a "generic" proxy, at the very minimum, the client is protected by the hardened IP stack of the Sidewinder. While a straight packet filter firewall has its place, it does not protect to the same extent. ? aditya mukadam ? wrote:Application level firewalls are actually not firewalls but can be called as intelligent proxies. Cisco ASA is a stateful firewall. I know BlueCoat proxy which would categorize as application level firewall.
Current thread:
- Application Firewall ams . sec (Jul 18)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 22)
- Re: Application Firewall Sanjay R (Jul 31)
- Re: Application Firewall Bryan S. Sampsel (Jul 21)
- Re: Application Firewall Adriel Desautels (Jul 18)
- Re: Application Firewall Ivan . (Jul 21)
- Re: Application Firewall Bryan S. Sampsel (Jul 18)
- Re: Application Firewall Adriel Desautels (Jul 21)
- Re: Application Firewall Paul Wong (Jul 27)
- Re: Application Firewall Adriel Desautels (Jul 21)
- <Possible follow-ups>
- Re: Application Firewall Kyu Kwak (Jul 21)
- RE: Application Firewall Roni Bachar (Jul 30)
- Re: Re: Application Firewall antman84ca (Jul 21)
- Re: RE: Application Firewall anonymous (Jul 31)
- Re: Application Firewall ॐ aditya mukadam ॐ (Jul 18)