Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Firewalls Gain New Depth, Security

    By
    Andrew Garcia
    -
    February 16, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Deep packet filtering technology represents the newest weapon in the arsenal against blended application attacks, arming perimeter firewalls with a layer of application-aware security services.

      Deep packet inspection devices reassemble and reorder multiple packets into their original traffic flows, perform application analysis, and make and enforce policy decisions based on the entire content. Reconstituting flows allows these devices to become multifunctional and offer expanded content services such as spam and virus filtering.

      A variety of deep packet filtering products are coming to market, with Check Point Software Technologies Ltd. and NetScreen Technologies Inc. leading the charge. (Juniper Networks Inc. was in the process of purchasing NetScreen as this issue went to press). Prices start at $570 for NetScreen 5GT with a one-year signature subscription. Prices escalate quickly depending on network size, number of users and other factors.

      eWEEK Labs believes deep packet filtering products are a good choice for boosting security, particularly for smaller networks and branch offices. However, large-enterprise network administrators should weigh the performance impact these devices will have on the network.

      Currently, stateful inspection firewalls protect resources at the network layer, but the speed and efficiency provided by stateful devices come at a cost. These devices look at packet headers, making access decisions based on source, destination and traffic port. If a packet matches these criteria, it is permitted into the network, no matter what content it carries. Code Red, Slammer, Blaster and who knows how many buffer overflow exploits have capitalized on this lack of application awareness.

      Most deep packet filtering devices use multiple approaches to identify these threats in the recomposed flows. These devices often employ signatures to identify known attacks. Vendors package recognizable chunks of code from exploits and make them available to the customer periodically.

      However, signature-based scans require significant resources on the firewall because they must compare the entire signature database with each traffic flow. And, like anti-virus signatures, deep filtering signatures are reactive. Vendors can only create the package code once an exploit is known.

      Getting multifunctional

      Although their technologies differ, each of these vendors offers content- and application-aware firewalls. Most vendors sell several models targeted to different segments of the network.

      Vendor Product
      Check Point FireWall-1 NGAI
      Crossbeam Systems Inc.

      C-Series

      Fortinet Inc.

      FortiGate

      Inkra Networks Inc.

      Virtual Service Switches

      Internet Security Systems Inc.

      Proventia

      iPolicy Networks

      Unified Security System

      NetScreen

      Screen OS 5.0 with deep inspection

      Symantec Corp.

      Symantec Gateway Security

      Deep packet inspection devices also look for protocol conformance. Binary data is not allowed in HTTP headers, for example, so deep packet inspection engines detect and block traffic attempting to introduce malicious code in this way.

      Protocol anomaly checks are used to identify applications that hijack common network ports. For example, peer-to-peer applications have commonly usurped port 80, embedding themselves in HTTP traffic to traverse the firewall. Protocol anomaly scans identify directory traversal attacks and long HTTP header attacks.

      Check Point and NetScreen have made the most noise touting their application-layer defenses, but a number of other security vendors have released multifunction appliances that increase application- and file-level security in a variety of ways.

      Check Point officials claimed that the companys FireWall-1 NGAI (Next Generation with Application Intelligence) appliances signatures are not reactive because they are based on networks vulnerabilities and not on known exploits.

      FireWall-1 NGAI controls application-layer operations by making granular policies based on how the application works. As a result, administrators can define rules to block FTP PUT commands while allowing GETs.

      /zimages/5/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

      By comparison, NetScreens Deep Inspection feature uses signature-based and protocol anomaly detection capabilities. NetScreen devices do not have a hard drive, which limits the buffer space available to scan traffic to memory. To improve efficiency, NetScreen devices group signatures by traffic type, identify the type of flow under scan and apply only relevant signatures.

      NetScreen officials said branch offices and midsize enterprises will get the most benefit from the added protection in an integrated solution. Larger enterprises with greater throughput demands and more expertise should look more closely at separate point solutions.

      Technical Analyst Andrew Garcia can be reached at [email protected].

      Avatar
      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected]

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×