Monday, June 12, 2006
Firewall Flavours
Application firewall: Can examine application-level information about packet flows so it can catch, example, an attack that uses SQL “injection” to insert a viruses into a database.
Network firewall: A firewall placed at the edge of a network to detect and block malicious traffic passing between networks.
Personal firewall: Firewall placed on a user’s machine to detect and block malicious traffic
attacking that system.
Proxy-based firewall: Creates a second, “proxy,” server through which traffic passes (and must be inspected) before it enters the enterprise or is sent to the outside world.
Stateful analysis: Evaluates not only individual packets, but also all the packets in a communications session to ensure the overall stream doesn’t contain an attack.
Blacklist: The process by which a security device compares traffic with a list of known attacks, or with domains or IP addresses from which attacks are known to have been launched, and blocks traffic on the blacklist. Anything not specifically prohibited is allowed.
Whitelist: The process by which a security device compares traffic with a list of acceptable applications, or with known safe domains or addresses, and allows them to pass. Anything not specifically allowed is blocked.
courtesy Computerworld.Com
Network firewall: A firewall placed at the edge of a network to detect and block malicious traffic passing between networks.
Personal firewall: Firewall placed on a user’s machine to detect and block malicious traffic
attacking that system.
Proxy-based firewall: Creates a second, “proxy,” server through which traffic passes (and must be inspected) before it enters the enterprise or is sent to the outside world.
Stateful analysis: Evaluates not only individual packets, but also all the packets in a communications session to ensure the overall stream doesn’t contain an attack.
Blacklist: The process by which a security device compares traffic with a list of known attacks, or with domains or IP addresses from which attacks are known to have been launched, and blocks traffic on the blacklist. Anything not specifically prohibited is allowed.
Whitelist: The process by which a security device compares traffic with a list of acceptable applications, or with known safe domains or addresses, and allows them to pass. Anything not specifically allowed is blocked.
courtesy Computerworld.Com
Subscribe to Posts [Atom]
