WebApp Sec mailing list archives
RE: web application security products (AKA application firewalls)
From: "Lars Troen" <Lars.Troen () proxycom no>
Date: Sun, 24 Nov 2002 21:00:25 +0100
Application firewalls are normally considered more secure than packet-filtering/stateful-inspection-based firewalls. This is because they know each protocol that they carry traffic for in detail. This also makes the configuration options for each protocol available at a detailed level: you can set options that restrict a user to only reading files through CIFS (SMB/NetBIOS), or other protocols. OTOH such firewalls are harder to get things to work through, because you only have support for a limited number of applications. So most application firewalls now also have support for stateful inspection.

But beware that there are two definitions on this topic. The definition Checkpoint has of stateful inspection does to some extent support some of the things that an application proxy provides, because you can check every aspect of a packet in a session and change things in the packet if you want. But this (the INSPECT language) is not very well documented, and you have to write routines for "your" protocols yourself. And by default there are no options to limit access through such (pre-defined INSPECT) protocols from the GUI unless you use the security servers (application proxies). Other firewalls often use "stateful inspection" for IP-table functionality: keeping state of each session in a table instead of using SYN/ACK flags like old packet filters did.

Modern application proxies usually have support for IP tables in addition to their application proxies, so you are not as lost with an application proxy as you were a few years ago. Products that I have used here are Checkpoint FireWall-1/PIX (these are basically stateful inspection, but have limited support for application proxies) and Symantec (Raptor) Enterprise Firewall/MS Proxy (ISA) (these also provide stateful inspection if you need it).

Or are you thinking of tools that protect a service, like SecureIIS from eEye? Or an integrated IDS/firewall tool like Hogwash/Inline Snort or BlackICE Defender?

Lars
-----Original Message-----
From: Shimon Silberschlag [mailto:shimons () bll co il]
Sent: Wednesday, November 20, 2002 09:21
To: webappsec () securityfocus com
Subject: web application security products (AKA application firewalls)

What is the group's experience with these types of devices? Any good, bad or horror stories about using/maintaining them? Any specific recommendations?

I know the charter doesn't really cater for discussion of commercial tools, so please keep answers generic and objective.

Shimon Silberschlag
+972-3-9352785
+972-51-207130
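The distinction Lars draws between the two meanings of "stateful inspection" and an application proxy is easier to see in code. The following is an added example, not code from the post or from any of the products it names: a toy stateful filter that keeps a session table keyed on the addresses and ports (and never reads the payload), beside a toy HTTP proxy filter that parses the request line and enforces a per-method, per-path policy of the kind a packet filter cannot express. The TCP flag model, the hosts, the ports and the requests are all constructed for the demonstration.

```python
"""Toy model of a state-table packet filter beside an application proxy.

Constructed example. StatefulFilter admits reply packets because its table
says the session was opened from the inside, not because of their flag
bits, and it passes payload untouched. HttpProxyFilter parses the HTTP
request and applies a method/path policy. Hosts and requests are made up.
"""
import posixpath
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]          # subset of {"SYN", "ACK", "PSH", "FIN", "RST"}
    payload: bytes = b""


# Session key: (inside host, inside port, outside host, outside port)
Key = Tuple[str, int, str, int]


class StatefulFilter:
    """Stateful inspection in the 'session table' sense."""

    def __init__(self, allowed_dports: Iterable[int]) -> None:
        self.allowed_dports: Set[int] = set(allowed_dports)
        self.sessions: Dict[Key, str] = {}

    def check(self, pkt: Packet, inbound: bool) -> bool:
        # Both directions of one flow map to the same table entry.
        key: Key = ((pkt.dst, pkt.dport, pkt.src, pkt.sport) if inbound
                    else (pkt.src, pkt.sport, pkt.dt if False else pkt.dst, pkt.dport))
        state = self.sessions.get(key)
        if state is None:
            # Only an inside-originated SYN to an allowed port creates state.
            if inbound or pkt.flags != {"SYN"} or pkt.dport not in self.allowed_dports:
                return False
            self.sessions[key] = "SYN_SENT"
            return True
        if state == "SYN_SENT":
            if not inbound:
                return True                       # SYN retransmit from inside
            if pkt.flags >= {"SYN", "ACK"}:
                self.sessions[key] = "ESTABLISHED"
                return True
            return False                          # inbound data before the handshake
        # ESTABLISHED: the payload is forwarded without being looked at.
        if pkt.flags & {"FIN", "RST"}:
            del self.sessions[key]
        return True


class HttpProxyFilter:
    """Application proxy: decides per request after parsing it."""

    def __init__(self, allowed_methods: Iterable[str], denied_prefixes: Iterable[str]) -> None:
        self.allowed_methods = set(allowed_methods)
        self.denied_prefixes = tuple(denied_prefixes)

    def check_request(self, raw: bytes) -> Tuple[bool, str]:
        try:
            head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
        except UnicodeDecodeError:
            return False, "non-ASCII bytes in request header"
        parts = head.split("\r\n", 1)[0].split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            return False, "malformed request line"
        method, target, _version = parts
        if method not in self.allowed_methods:
            return False, f"method {method} not permitted"
        # Normalise before matching so /images/../admin/ cannot slip past.
        path = posixpath.normpath(urlsplit(target).path or "/")
        for prefix in self.denied_prefixes:
            if path == prefix or path.startswith(prefix + "/"):
                return False, f"path {path} not permitted"
        return True, "ok"


def run_scenario(request: bytes) -> Dict[str, object]:
    """Drive one HTTP request through a completed handshake on both filters."""
    sf = StatefulFilter(allowed_dports={80})
    proxy = HttpProxyFilter(allowed_methods={"GET", "HEAD"}, denied_prefixes=("/admin",))
    inside, outside = "10.0.0.5", "203.0.113.10"          # constructed addresses
    handshake = [
        (Packet(inside, outside, 40000, 80, frozenset({"SYN"})), False),
        (Packet(outside, inside, 80, 40000, frozenset({"SYN", "ACK"})), True),
        (Packet(inside, outside, 40000, 80, frozenset({"ACK"})), False),
    ]
    handshake_ok = all(sf.check(p, inbound) for p, inbound in handshake)
    data = Packet(inside, outside, 40000, 80, frozenset({"ACK", "PSH"}), request)
    stateful_ok = handshake_ok and sf.check(data, False)
    proxy_ok, reason = proxy.check_request(request)
    return {"stateful": stateful_ok, "proxy": proxy_ok, "reason": reason}


if __name__ == "__main__":
    for req in (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                b"POST /admin/delete HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
                b"GET /images/../admin/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"):
        print(req.split(b"\r\n", 1)[0].decode(), run_scenario(req))
```

The session table blocks an unsolicited inbound SYN to port 80 and inbound data that arrives before the handshake completes, but once the session is established it passes `POST /admin/delete` just as readily as `GET /index.html`, because port 80 is allowed and the payload is never parsed. Only the proxy, which understands the protocol, can express "read-only access, and nothing under /admin", which is the per-protocol restriction the post describes.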
Current thread:
- web application security products (AKA application firewalls) Shimon Silberschlag (Nov 22)
- Re: web application security products (AKA application firewalls) Skip Carter (Nov 23)
- Re: web application security products (AKA application firewalls) Kevin Spett (Nov 23)
- RE: web application security products (AKA application firewalls) Fernando Martins (Nov 24)
- Re: web application security products (AKA application firewalls) Jason Childers (Nov 24)
- Re: web application security products (AKA application firewalls) Bennett Todd (Nov 25)
- <Possible follow-ups>
- RE: web application security products (AKA application firewalls) Lars Troen (Nov 24)
- Re: web application security products (AKA application firewalls) Dave Aitel (Nov 24)
- Re: web application security products (AKA application firewalls) securityarchitect (Nov 24)
- Re: web application security products (AKA application firewalls) Dave Aitel (Nov 24)