Copyright Goodheart-Willcox Co., Inc.
476 Networking Fundamentals

OSI model because it not only inspects packet contents related to layer 3 (network layer), it also inspects the packet sequence as related to layer 4 (transport layer). Stateful packet inspection requires packets to be stored and the firewall CPU to process information before applying a filter. As a result, stateful packet inspection is slower than stateless packet inspection and can cause network latency. Stateless packet inspection is quicker because it simply compares packet data against a set of firewall rules and then applies the filter. Stateless packet inspection causes less network latency compared with stateful packet inspection. The following table summarizes stateful and stateless packet inspection.

Stateless Inspection | Stateful Inspection
Inspects individual packets | Inspects packet flow
Operates at OSI layer 3 (network layer) | Operates at OSI layer 3 (network layer) and layer 4 (transport layer)
Static inspection | Dynamic inspection
Fast | Slow and increased network latency

Application Gateway

An application gateway provides security for specific applications such as FTP and Telnet. The gateway is configured to accept traffic based on the exact match of the application permitted.

Content Filter

Many websites contain inappropriate material. A content filter is configured to block websites or packet contents that contain specific terms. Most content filtering packages require a subscription to a service that updates the filtering components on a routine basis. Content filtering can also incorporate protection from malware. Typically, a content filter is based on a list of search terms, such as alcohol, cult, and drugs. The exact list can be controlled by the system administrator. For example, the word drug may not be appropriate for a middle school, but would be appropriate for a medical college.
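The stateless and stateful inspection comparison earlier on this page, as an added example that is not from the textbook: a stateless rule set and a stateful filter judge the same constructed packets, using a simplified model of the TCP handshake. The addresses, ports, HTTPS-only policy, and all names are assumptions made for the illustration.

```python
from collections import namedtuple

# Constructed sample data: addresses, ports and the policy are assumptions.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0.5"

def stateless_allow(pkt):
    """Judge one packet alone against static rules (no history kept)."""
    if pkt.src == INSIDE and pkt.dport == 443:
        return True                     # outbound HTTPS request
    return pkt.dst == INSIDE and pkt.sport == 443   # "looks like" a reply

class StatefulFilter:
    """Store per-flow handshake state and judge packets in sequence."""
    def __init__(self):
        self.flows = {}                 # (inside ip, port, outside ip, port) -> state

    def allow(self, pkt):
        outbound = pkt.src == INSIDE
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.flows.get(key)
        if outbound and pkt.flags == "SYN" and pkt.dport == 443:
            self.flows[key] = "SYN_SENT"
        elif not outbound and pkt.flags == "SYN-ACK" and state == "SYN_SENT":
            self.flows[key] = "SYN_RCVD"
        elif outbound and pkt.flags == "ACK" and state == "SYN_RCVD":
            self.flows[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and pkt.flags in ("ACK", "PSH-ACK"):
            pass                        # data on an established flow
        else:
            return False                # out of sequence or unknown flow
        return True

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]

SAMPLE = [
    Packet(INSIDE, 50000, "203.0.113.7", 443, "SYN"),
    Packet("203.0.113.7", 443, INSIDE, 50000, "SYN-ACK"),
    Packet(INSIDE, 50000, "203.0.113.7", 443, "ACK"),
    Packet("203.0.113.7", 443, INSIDE, 50000, "PSH-ACK"),
    Packet("198.51.100.9", 443, INSIDE, 50001, "ACK"),   # no prior handshake
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.flags, pkt.src, "stateless=%s stateful=%s" % verdict)
```

The last packet matches the static reply rule, so only the filter that stored the flow's history rejects it.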
Circuit-Level Gateway

A circuit-level gateway monitors a connection until the connection is successfully established between the destination and source hosts. After the connection is established, packets can flow freely between the two hosts. Since the packet sequence is encoded, it is usually quite difficult for an intruder to access the stream of data moving between the hosts.

Firewall Signature Identification

Firewall signature identification works in a similar fashion to antivirus protection and is often considered the same thing. Malware can often be classified by a collection of distinct attributes such as port number, payload size, and source address. When a packet is intercepted, it can be compared to specific attributes. When the attributes match, the packet is removed. The main weakness of signature identification is the same as it is for antivirus software. Both require constant updates of new signatures or definitions; this is referred to as signature management. New malware is created every day. There is no signature immediately available for new malware.