Firewall Wizards mailing list archives
Re: Application Intelligent vs ALG
From: "Volker Tanger" <volker.tanger () discon de>
Date: Tue, 24 Jun 2003 10:22:46 +0200
Greetings!

On Mon, 23 Jun 2003 09:18:19 -0400 Frederick M Avolio <fred () avolio com> wrote:

> I asked them, how is this different from application gateways (security proxies). I applaud the addition of them (like there are other hybrid firewalls).

Brief overview at http://www.wyae.de/docs/gateways.php

There is a basic difference between inspection and proxies/ALGs:

Inspection modules only observe the passing data flow, maximal flipping a bit (later more on this), but no insertion or deletion of data within the packet stream happens. They just sit and wait - if something foul comes to their eyes, they simply cut the connection. So this technique theoretically is faster than ALGs.

For HTML CheckPoint can "filter" HTML tags - they just flip the first character after the < into a bogus one (a question mark, IIRC) thus rendering the tag invalid. All the remaining code stays unchanged in the transmitted data stream.

ALGs re-package the data stream. The network traffic ends at the firewall, a new connection (often with "fake" source IP) is opened and only the data is transferred from the one to the other connection. With this adding, modifying or deleting data (e.g. HTML or SMTP headers) is a piece of cake, deleting data even is faster than with other techniques (drop that part, just don't re-package).

Plus fancy playing with IP header data as attack will automagically end at the ALG as it opens a new, clean connection on the other side of the FW. No need to filter in the IP header. NAT hiding comes for free, too, as comes migration between protocols (IPv4-IPv6, HTTP-HTTPS, etc), depending only on the ALG's configurability.

Bye

Volker Tanger
IT-Security

discon gmbh
DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/

--
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
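The contrast described in the message above, as an added example that is not part of the original post or any vendor's code: an inspection-style filter that overwrites one byte per blocked tag and leaves the stream length (and so the upstream Content-Length) untouched, next to an ALG-style handler that re-packages the response. The blocked tag list, the dropped `Server` header and the sample response are assumptions constructed for illustration.

```python
import re

# Constructed policy for this example: elements the gateway should not pass.
BLOCKED = rb"(script|object|applet)"
_TAG = re.compile(rb"</?" + BLOCKED + rb"\b", re.IGNORECASE)
_ELEMENT = re.compile(rb"<" + BLOCKED + rb"\b.*?</\1\s*>", re.IGNORECASE | re.DOTALL)

# Constructed sample HTTP response (not captured traffic).
BODY = b"<html><script>alert(1)</script><p>hello</p></html>"
SAMPLE = (b"HTTP/1.0 200 OK\r\nServer: example/1.0\r\n"
          b"Content-Length: %d\r\n\r\n%s" % (len(BODY), BODY))


def inspect_flip(payload: bytes) -> bytes:
    """Inspection style: overwrite the byte after '<' with '?'.

    Nothing is inserted or deleted, so every offset, the total length and
    the original Content-Length header remain valid for the receiver.
    """
    buf = bytearray(payload)
    for m in _TAG.finditer(payload):
        buf[m.start() + 1] = ord("?")
    return bytes(buf)


def alg_repackage(response: bytes) -> bytes:
    """ALG style: the inbound connection ends here; build a fresh response.

    Because the data is re-packaged, blocked elements can be dropped
    entirely and headers deleted or recomputed before sending onward.
    """
    head, _, body = response.partition(b"\r\n\r\n")
    status, *headers = head.split(b"\r\n")
    body = _ELEMENT.sub(b"", body)  # delete the element, not just break it
    kept = [h for h in headers
            if not h.lower().startswith((b"server:", b"content-length:"))]
    kept.append(b"Content-Length: %d" % len(body))  # length changed
    return b"\r\n".join([status, *kept]) + b"\r\n\r\n" + body


if __name__ == "__main__":
    print(inspect_flip(SAMPLE).decode())
    print(alg_repackage(SAMPLE).decode())
```
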