Network Security Firewalls

Re: Application Layer Firewall? There is such a thing?

Subject: Re: Application Layer Firewall? There is such a thing?
Date: Sat, 28 Oct 2006 15:31:17 +0300
I definitely do not have the brain cells available to flame people on a mailing list that ironically suggested that I am an idiot by using descriptive words such as "genius". Therefore I will reallocate my brain cells into explaining a few things that could clarify this thread and hopefully stop the IT wannabes from talking nonsense and inspire the true believers and IT enthusiasts.


LAYER 7: APPLICATION - - - - LAYER 3: NETWORK - -

From what I have derived since Checkpoint was mentioned and so on, you are referring to a firewall that performs inspection on the payload within the packet in order to judge if it is destined for its required destination derived from the packet header.

An example of such a process is Checkpoint checking for shellcode in a packet that is destined for port 80 TCP (which is web). That could possibly mean a security hole exploitation, since shellcode has no business on 80 TCP, thus it drops the packet.

NOT LAYER 7 FIREWALL in any way!

It simply dissects the packet to retrieve its payload, passes it through a filtering list and identifies the type of traffic and whether the type of traffic is allowed to its destination. This might be done in application layers on the actual firewall, but that has nothing to do with the fact that it simply opened up a layer 3 packet, viewed, blocked/allowed, and moved on.

The definition of a firewall (by definitive process) has nothing to do with layer 7 of the OSI model, disregarding the fact that the actual firewall IS software that reaches layer 7. As far as the filtering it performs, it remains up to layer 3.


The reason Cisco didn't implement such idiocy is very sensible. Cisco runs on a specific platform, a specific IOS, a specific handling, and it all matches very well, I might add. If they added such a filtering process, which would be dominating the available processor and memory resources of a router, imagine how it can change things from a simple 8xx to a 6xxx.


Plus the PIX isn't true IOS, which makes it a sad story. Anything else running IOS gives it the honour of a CISCO branded device. YOU CANNOT DOUBT CISCO, since they are running the very backbone that made it possible for you to be reading my words and for me to have read the fool that used a relevant amount of irony earlier on this thread aimed at me.

Layer 7 inspection? For the slow minded. Does not help, adds needless waste of resources, and cost.


This isn't my two pence, call it more like a ten pound note.


Warm Regards and have a wonderful weekend,

Mario A. Spinthiras
Netway LTD
Nicosia,
Cyprus
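Editor's added example, not part of the post above or of any product it names: the distinction the thread argues over, rendered as code. A header-only (layer 3/4) rule decides from protocol and port alone, so it cannot tell an HTTP request on TCP/80 from arbitrary bytes on TCP/80; a payload-inspecting filter opens the packet and checks that the data conforms to the protocol expected on that port. The `Packet` class, the rule table, the HTTP request-line check and all sample packets are constructed for this illustration; a real engine would reassemble the TCP stream rather than judge a single segment.

```python
"""
Header-only filtering versus payload inspection, as discussed in the thread.
Everything here (Packet, rules, sample traffic) is constructed sample data.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class HeaderRule:
    """A layer 3/4 rule: matches on header fields only."""
    proto: str
    dst_port: int
    action: str     # "allow" or "drop"


# Constructed rule table: permit web traffic, drop everything else.
HEADER_RULES = [
    HeaderRule("tcp", 80, "allow"),
    HeaderRule("tcp", 443, "allow"),
]


def header_filter(pkt: Packet, rules=HEADER_RULES, default="drop") -> str:
    """Layer 3/4 decision: first matching rule wins, payload never consulted."""
    for rule in rules:
        if rule.proto == pkt.proto and rule.dst_port == pkt.dst_port:
            return rule.action
    return default


# Payload check for port 80: the segment must open with an HTTP/1.x request line.
# Only the first segment of a request is covered; stream reassembly is out of scope.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"
)


def payload_conforms_to_http(payload: bytes) -> bool:
    return HTTP_REQUEST_LINE.match(payload) is not None


# Which ports get a protocol conformance check (constructed mapping).
PAYLOAD_CHECKS = {80: payload_conforms_to_http}


def inspecting_filter(pkt: Packet, rules=HEADER_RULES):
    """Header rules first; if allowed, open the payload and verify the protocol.

    Returns (action, reason). Payload-less segments (handshake, pure ACKs) are
    allowed, otherwise a conformance check would break every TCP connection.
    """
    action = header_filter(pkt, rules)
    if action != "allow":
        return action, "header rule"
    check = PAYLOAD_CHECKS.get(pkt.dst_port)
    if check is None:
        return "allow", "no payload check for port"
    if not pkt.payload:
        return "allow", "no payload"
    if check(pkt.payload):
        return "allow", "payload conforms"
    return "drop", "payload does not conform to expected protocol"


# Constructed sample traffic.
SAMPLE = {
    "http_get": Packet("10.0.0.5", "192.0.2.10", "tcp", 80,
                       b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    # Arbitrary non-HTTP bytes aimed at the web port: header rules allow it.
    "binary_on_80": Packet("10.0.0.5", "192.0.2.10", "tcp", 80, bytes(range(32))),
    "handshake_80": Packet("10.0.0.5", "192.0.2.10", "tcp", 80, b""),
    "telnet": Packet("10.0.0.5", "192.0.2.10", "tcp", 23, b"\xff\xfb\x01"),
}


if __name__ == "__main__":
    for name, pkt in SAMPLE.items():
        print(f"{name:14} header-only: {header_filter(pkt):5}  "
              f"inspecting: {inspecting_filter(pkt)}")
```

The header-only filter returns the same verdict for `http_get` and `binary_on_80`, which is exactly the gap the payload check closes; the `handshake_80` case shows why a conformance check must exempt empty segments.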



