How does the application layer firewall defend against protocol stack attacks?

Although the firewall has been the main security method for Internet connection for 25 years, during this period, attackers have targeted the protocol stack and bypassed the operating system or TCP/IP protocol, directly implements the HTTP, HTML, and XML protocols for modern distributed web applications. Therefore, it is vital to integrate lower-layer firewalls with smart application-layer firewalls for more comprehensive and effective protection.

Application layer firewall can detect 31 different application policies

What is an application?-Or what must be protected? Almost everything is Web-based, so this does not involve the problem that all TCP ports are 80 or 443. At the same time, it is not a URL problem, because a lot of things can be stacked on a website or page. Such platforms as Facebook and Google contain dozens or even hundreds of so-called applications, including chats, videos, emails, games, workbooks, surveys, and file conversion. Therefore, a firewall with Application Intelligence must be able to identify different features and functions on a Web page platform, and comply with different application policies. If the functions of an application have different security risks, such as different risk configurations, the firewall must be handled according to the specific situation.

The most complex and rapidly changing traffic is the Web session initiated by the user, which is the location where new applications and threats may appear somewhere on the Internet, this kind of session is widely welcomed and attracted the attention of attackers. Web-based applications are no longer controlled by enterprise IT and become a hotbed of innovation. On a seemingly beneficial website, a small modification can convert it into an excellent new attack derivative. For example, a widely-respected news website may suddenly become very dangerous, because this additional reader chat room may generate users and possibly bring dangerous content into the website.

At the same time, the company must also respond to Web-based delivery and use enterprise applications in conjunction with partners, suppliers and customers. Here, XML-based protocols such as SOAP and REST can be used to connect to Enterprise Resource Planning (ERP), Supply Chain Management (SCM ), and various vertical billing and financial-related applications, such as banking, manufacturing, energy, and transportation. XML-based protocols can have almost any complicated layers and can be directly bound to business processes, which leads to rare security risks.

Why cannot I use one type of firewall to cope with all threats?

If the company must guard against low-level attacks, Web-based attacks, and application-Integrated Traffic attacks, can a firewall be installed to achieve a permanent effect? Why can't all necessary functions be integrated into one device? The answer is simple, because opening, checking, and identifying the network traffic flow of each input or output enterprise network requires a lot of processing capabilities. There is a constant between intelligence and performance at the application layer. Too much firewall flow protection will lead to latency and cannot achieve fast enough processing speed as required. Too simple protection may miss some important threats.

Integrate application-aware firewalls with other network security firewalls

To achieve a balance, the company can install a specific firewall on different network layers. Low-level network firewalls can filter a large amount of bundled traffic, such as cache port scanning, denial of service, and other low-level network attacks. Understand the current fine-grained policies of complex Web applications through applications, allowing user traffic to pass through an application layer firewall to control acceptable use and risks. The application gateway or XML firewall can intercept the integrated traffic flow between enterprises and partners, check the XML mode and content, and confirm the signature and encrypt/decrypt the traffic.

Different types of traffic face different risks and have different performance characteristics. Security experts must properly weigh performance and review depth based on each situation and select the right solution: A data-centric firewall dedicated to controlling the internal network of 10 Gbit/s is completely different from an Internet uplink firewall for user traffic or a DMZ partner firewall optimized for encryption and XML.

After nearly 25 years of development, the firewall continues to be at the forefront of security. But this is only because the term "firewall" already covers different types of security devices, and each type has its own use. The most important security consideration is to select the correct firewall to handle different types of traffic.

Edit recommendations]