In this video, you will learn to describe application gateways and how they differ from standard packet filtering firewalls, and to describe the limitations of application gateways.

Application gateways, so these also filter packets. But they filter on the application data, which is the payload right at the top level of the OSI stack, as well as the IP and transport fields that are in there. So this allows, for example, select users to employ the Telnet application right outside. So effectively, to do this mandate, we require all telnet connections to go through a gateway. There's an access control mechanism that says, yes, this is a telnet connection, and then is this user authorized or not authorized. So it is once again an access control type mechanism that is applied to an application.

So there are some limitations right here. One of the things, as I said, is that these are based on transport protocol, so we can masquerade or spoof the IP address. This is done significantly with Internet attacks: the source destination is not in fact the true source destination, but it's masqueraded; it appears to be coming from either a customer or a trusted source when in fact it is anything. But these firewalls that we have been discussing do not have a mechanism to really validate this, so that's a significant threat area right there.

For application gateways, application firewalls, this is a one-to-one relationship, so that if you've got a single application like telnet, or in broadcast UDP, each one of these is going to require its own application gateway. So there's a one-to-one relationship. This gets into a very expensive process. In addition, the client software, the applications, the web browsers, the email tools, FTP tools, instant messaging, all of them have to be smart. So they need to have the protocol predetermined to know how to communicate with the gateways, whether that's an application or a packet filter. These packet filters will frequently be all or nothing relative to UDP. There's a security thought that UDP should be largely disengaged, because that's broadcasts; there are a number of security vulnerabilities that are associated with that.

So what is the trade-off? The trade-off is open communication with the outside world, no security policies in play, as opposed to an increasing level of security. With the increasing level of security, there's more control on protocols and applications and user access. So that is the trade space that the security engineer needs to outbreak. Despite that, many highly protected sites, US government sites, still suffer from cyber attack.
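The following is an added example, not part of the video, that models the two decision points the lecture contrasts: a packet filter that rules on IP/transport header fields only, and a telnet-specific application gateway that additionally requires an authenticated user and checks the payload. The trusted address range, the authorized-user list, the sample connections and the payload check are all constructed for illustration; a real gateway would implement the full telnet protocol rather than this simplified check.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a connection as each firewall type sees it.
@dataclass
class Connection:
    src_ip: str
    dst_ip: str
    proto: str                 # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""
    user: Optional[str] = None  # identity proven to the gateway; a packet filter never sees this
    label: str = ""            # descriptive tag for the sample only

TRUSTED_NET = "10.0.0."   # hypothetical "customer" range the header-only policy trusts
TELNET_PORT = 23
TELNET_AUTHORIZED_USERS = {"alice"}   # hypothetical access-control list for the gateway


def packet_filter(conn: Connection) -> str:
    """Standard packet filter: decides on header fields alone.

    It has no way to validate that src_ip is genuine, so a spoofed source
    that falls inside TRUSTED_NET receives the same verdict as a real one.
    UDP is handled all-or-nothing, as the lecture describes.
    """
    if conn.proto == "udp":
        return "deny"
    if conn.dst_port == TELNET_PORT and conn.src_ip.startswith(TRUSTED_NET):
        return "allow"
    return "deny"


def telnet_gateway(conn: Connection) -> str:
    """Application gateway for exactly one application (telnet).

    It sees the same header fields, but also requires that the client has
    authenticated to the gateway and that the payload looks like telnet,
    so a spoofed source address alone gains nothing.
    """
    if conn.proto != "tcp" or conn.dst_port != TELNET_PORT:
        return "not-handled"    # a different application needs its own gateway
    if conn.user is None:
        return "deny"           # the mandate: every telnet session authenticates here
    if conn.user not in TELNET_AUTHORIZED_USERS:
        return "deny"           # authenticated, but not authorized for telnet
    # Simplified protocol-conformance check (illustrative): refuse an obvious
    # HTTP request tunnelled over the telnet port.
    if conn.payload.startswith(b"GET ") or conn.payload.startswith(b"POST "):
        return "deny"
    return "allow"


def evaluate(conns: List[Connection]) -> List[Tuple[str, str, str]]:
    """Return (label, packet-filter verdict, gateway verdict) for each connection."""
    return [(c.label, packet_filter(c), telnet_gateway(c)) for c in conns]


# Constructed sample connections covering the cases discussed in the lecture.
SAMPLE_CONNECTIONS = [
    Connection("10.0.0.5", "192.0.2.10", "tcp", 23, b"\xff\xfb\x18", "alice", "genuine-authorized"),
    Connection("10.0.0.5", "192.0.2.10", "tcp", 23, b"\xff\xfb\x18", None, "spoofed-src-no-auth"),
    Connection("10.0.0.5", "192.0.2.10", "tcp", 23, b"\xff\xfb\x18", "bob", "genuine-unauthorized"),
    Connection("10.0.0.5", "192.0.2.10", "tcp", 23, b"GET / HTTP/1.1\r\n", "alice", "http-over-23"),
    Connection("10.0.0.5", "192.0.2.10", "udp", 53, b"\x00\x01", None, "udp-query"),
]


if __name__ == "__main__":
    for label, pf, gw in evaluate(SAMPLE_CONNECTIONS):
        print(f"{label:22s} packet_filter={pf:6s} telnet_gateway={gw}")
```

Run as a script, it prints one line per sample connection. The point to notice is the second row: the header-only filter allows the spoofed connection because the source address falls in the trusted range, while the gateway denies it because no user authenticated; the last row shows that the gateway simply does not handle UDP at all, which is why each additional application needs its own gateway.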