Static Packet-Filtering Firewalls

Secure Network Components 
489
first-generation firewalls; they operate at layer 3 (the Network layer) of the OSI model. 
They can also be called 
screening routers
.
Application-Level Gateway Firewalls
An 
application-level gateway firewall
is also called a 
proxy firewall. A 
proxy
is a mechanism that copies packets from one network into another; 
the copy process also changes the source and destination addresses to protect the identity 
of the internal or private network. An application-level gateway firewall filters traffic based 
on the internet service (in other words, the application) used to transmit or receive the data. 
Each type of application must have its own unique proxy server. Thus, an application-level 
gateway firewall comprises numerous individual proxy servers. This type of firewall nega-
tively affects network performance because each packet must be examined and processed as 
it passes through the firewall. Application-level gateways are known as second-generation 
firewalls, and they operate at the Application layer (layer 7) of the OSI model.
Circuit-Level Gateway Firewalls Circuit-level gateway firewalls
are used to establish 
communication sessions between trusted partners. They operate at the Session layer 
(layer 5) of the OSI model. 
SOCKS
(from 
Socket Secure
, as in TCP/IP ports) is a common 
implementation of a circuit-level gateway firewall. Circuit-level gateway firewalls, also 
known as 
circuit proxies
, manage communications based on the circuit, not the content 
of traffic. They permit or deny forwarding decisions based solely on the endpoint designa-
tions of the communication circuit (in other words, the source and destination addresses 
and service port numbers). Circuit-level gateway firewalls are considered second-genera-
tion firewalls because they represent a modification of the application-level gateway fire-
wall concept.

Download 19,3 Mb.

Do'stlaringiz bilan baham: