Application gateways / firewall-information security, Computer Network Security

Application Gateways / firewall

The application level firewall is installed on a dedicated computer; also called as a proxy server. These servers can store the recently accessed pages in their cache and called as cache servers. As proxy server is placed in unsecured area of the network (for example DMZ), it is exposed to higher levels of risk from unreliable networks. Additional filtering routers can be implemented behind proxy server, further protecting internal systems. The disadvantage is they are characteristically restricted to a single application, as they work at application layer. Figure given below illustrates the different types of Firewalls which is compared to OSI model

 

 

255_Application Gateways -firewall.png

 

 

 Circuit Gateways

The circuit gateway firewall operates at transport layer. Filtering firewalls, do not normally look at data traffic flowing between two networks, but it prevent direct connections between one network and the other. This is can be accomplished by creating tunnels connecting specific processes or systems on each side of firewall, and allows authorized traffic in the tunnels.

 MAC Layer Firewalls

MAC layer firewalls which is designed to operate at media access control layer of OSI network model. This gives the ability to consider specific host computer’s identity in the filtering decisions of it. The MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets which can be sent to each host; all other traffic is blocked.

 Hybrid Firewalls


Hybrid Firewalls combine elements of other types of firewalls; that is, elements of packet filtering and proxy services, or of packet filtering and circuit gateways. On the other hand, it may consist of 2 separate firewall devices; each is a separate firewall system, but is connected to work in tandem. Without replacing the existing firewalls completely, an organization can make a security improvement, from this approach.

Posted Date: 10/9/2012 3:36:25 AM | Location : United States







Related Discussions:- Application gateways / firewall-information security, Assignment Help, Ask Question on Application gateways / firewall-information security, Get Answer, Expert's Help, Application gateways / firewall-information security Discussions

Write discussion on Application gateways / firewall-information security
Your posts are moderated
Related Questions
Techniques for combating Spam mails Many anti spam products are commercially available in market. But it should also be noted that no  one technique is a complete solution to

Produce a short report of your experiences in installing and using PGP. The report should be written in the form of a journal that contains at least the following items: A de

QUESTION a) Compare and contrast between static and dynamic routing. b) What are the merits (five merits) and limitations (3 limitations) of using Open Shortest Path First

doing coursework in Network Security to present a possible solution to the problem at hand by creating a prototype of the new network security infrastructure. This new design shou

Da t a compre s sion and the trans p ort s e rvices,   The main purpose of the transport layer is to provide services which are efficient, reliable and cost-effecti

The Security Systems Development Life Cycle (SecSDLC) The same phases which is used in traditional SDLC can be adapted to support specialized implementation of IS project,At its

The best results obtained in the PIIT classes have been when the technique has been used in tutorial groups, rather than have students submit individual reflections on particular c

Example : Softbank – theft of consumer data for extortion Softbank of Japan offers broadband Internet services across Japan through 2 subsidiaries – Yahoo! BB and Softbank BB. I

ROUTING TABLE For efficiency, information about forwarding is saved in a routing table, which is started at system initialization and must be updated as network topology modif

Spambot Detection: The  previous studies in this field  have focused on content and meta-content based features.  The main assumption in this area of spam detection of late is