
Infrastructure Security: Devices and Media • Chapter 6  367


                 Figure 6.1 Packet Filtering Technology
                 [Figure: a Client and a Server exchange traffic through a Packet Filtering Firewall. The client and server stacks show all seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), while the firewall's stack shows only Network, Data Link and Physical; traffic passes through an open port on the firewall without the upper layers being examined.]



                 Application-layer Gateways

                 The second firewall technology is called application filtering or an application-layer
                 gateway. This technology is more advanced than packet filtering, because it examines the
                 entire packet, payload included, and decides what to do with the packet based on
                 specifically defined rules. For example, if a Telnet session is sent through the standard
                 FTP port, an application-layer gateway can detect this and block the packets if a rule
                 disallows Telnet traffic through the FTP port. Note that this is the technology proxy
                 servers use to provide application-layer filtering to clients.
                    One of the major benefits of application-layer gateway technology is its
                 application-layer awareness. Because an application-layer gateway can extract more
                 information from a packet than a simple packet filter can, it uses more complex rules
                 to determine the validity of any given packet. These rules take advantage of the fact
                 that an application-layer gateway can determine whether the data in a packet matches
                 what is expected for the port it is going to. For example, an application-layer gateway
                 can tell that packets carrying control commands for a Trojan horse application are being
                 sent to the HTTP port (80), even though a packet filter would pass them as ordinary Web
                 traffic, and block them.
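                 The following is an added example, not code from the book, that contrasts the two
                 decisions described above: a packet filter that allows or denies on the destination
                 port alone, and an application-layer gateway that also checks whether the payload
                 looks like the protocol expected on that port. The Telnet-on-port-21 and
                 unknown-data-on-port-80 cases are the two examples from the text. The port policy,
                 the protocol signatures (Telnet option negotiation bytes, FTP command syntax, an HTTP
                 request line) and the sample packets are all constructed for the example and are
                 deliberately minimal; a real gateway parses the full protocol state.

```python
import re

# Telnet "Interpret As Command" byte and the option-negotiation verbs that
# follow it (WILL/WONT/DO/DONT), as defined in RFC 854.
TELNET_IAC = 0xFF
TELNET_NEGOTIATE = range(0xFB, 0xFF)

# Constructed policy: the application protocol expected on each open port.
# A packet filter uses only the keys; the application-layer gateway uses both.
EXPECTED_PROTOCOL = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed signatures for the three protocols the gateway understands.
FTP_COMMAND = re.compile(rb"^[A-Z]{3,4}( [^\r\n]*)?\r\n$")
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def looks_like_telnet(payload: bytes) -> bool:
    """True if the payload starts with a Telnet option negotiation (IAC verb opt)."""
    return (len(payload) >= 3
            and payload[0] == TELNET_IAC
            and payload[1] in TELNET_NEGOTIATE)


def classify(payload: bytes) -> str:
    """Name the application protocol the payload appears to carry, ignoring the port."""
    if looks_like_telnet(payload):
        return "telnet"
    if HTTP_REQUEST.match(payload):
        return "http"
    if FTP_COMMAND.match(payload):
        return "ftp"
    return "unknown"


def packet_filter(dst_port: int, payload: bytes) -> tuple:
    """Packet filtering decision: only the destination port is consulted."""
    if dst_port in EXPECTED_PROTOCOL:
        return ("allow", f"port {dst_port} is open")
    return ("deny", f"port {dst_port} is closed")


def app_gateway(dst_port: int, payload: bytes) -> tuple:
    """Application-layer gateway decision: port must be open AND payload must match."""
    expected = EXPECTED_PROTOCOL.get(dst_port)
    if expected is None:
        return ("deny", f"port {dst_port} is closed")
    seen = classify(payload)
    if seen != expected:
        return ("deny", f"{seen} traffic on port {dst_port}, expected {expected}")
    return ("allow", f"{seen} traffic on port {dst_port}")


# Constructed sample packets: (description, destination port, payload bytes).
SAMPLES = [
    ("FTP login on port 21", 21, b"USER anonymous\r\n"),
    ("Telnet negotiation on port 21", 21, b"\xff\xfd\x01"),        # IAC DO ECHO
    ("HTTP request on port 80", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    ("unknown control data on port 80", 80, b"\x00\x01\x02CMD:ls\n"),
    ("anything on port 6667", 6667, b"NICK bot\r\n"),
]


def run_samples() -> list:
    """Return (description, packet-filter verdict, gateway verdict) for each sample."""
    return [(desc, packet_filter(port, data)[0], app_gateway(port, data)[0])
            for desc, port, data in SAMPLES]


if __name__ == "__main__":
    for desc, pf, alg in run_samples():
        print(f"{desc:34s} packet filter: {pf:5s} app gateway: {alg}")
```

                 The two decisions agree on well-formed FTP and HTTP and on the closed port; they
                 diverge exactly where the text says they should, on Telnet negotiation sent to
                 port 21 and on unrecognised data sent to port 80, which the packet filter admits
                 because the port is open. Note that this kind of check only works for protocols
                 the gateway has been taught to recognise and whose payload it can read in the
                 clear.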




