Application proxy firewalls like CyberGuard and Sidewinder protect up to L7.
I believe that they do it by strictly adhering to how protocols should
behave based on what was specified in RFCs and drop what does not conform on
top of doing the usual stateful packet inspection, etc. The protocols that
they inspect at L7 are the more common ones like HTTP, FTP, SMTP, etc.
IPSs on the other hand rely on signatures that include protocol anomaly but
other detection methodologies as well (such as vulnerability and exploit
detection). The protocols that IPSs are able to scrutinise for anomaly tend
to be broader then those offered by application proxy firewalls.
Remember, security is not one solution but using multiple layers of
security/technologies to minimise risk. Firewalls and IPS are complementary
solutions. A firewall is a must-have as it provides access control to your
enterprise and IPS is a good-to-have depending on your security budget.
barcajax
On 9/15/05, Harjith <harjith@inflowtechnologies.com> wrote:
HI All,
We all talk about firewall technologies and different security
technologies.
Today, all most all enterprise are having the firewalls which protect you
from L3 and L4 attacks. What about L7 attacks ?
If Im not wrong , IPS address this field. Different vendors talk about
different technologies and methods to prevent these attacks.
Eg: Signature Based, Protocol and traffic anomoly detection, Intelligent
layer scanning etc.
Can any one help me in understanding the different technologies to
protect from L7 attacks and what is the best technology to adopt?
-harjith
