Re: Layer 7 firewall Vs Stateful packet inspection firewall

From: Don Kelloway (dkelloway@commodon.com)
Date: 03/19/03 

From: "Don Kelloway" <dkelloway@commodon.com>
Date: Wed, 19 Mar 2003 16:08:14 GMT

Wayne,

Unless something has changed, CheckPoint (starting with Firewall-1) provides
the ability to inspect the Application Layer, which is either the 7th (OSI)
or 4th (TCP/IP) layer depending upon the model we're referring to. This
indicates to me that CheckPoint is capable of inspecting/filtering layers
2-7 of the OSI model or layers 2-4 of the TCP/IP model. 

--
Best regards,
Don Kelloway
Commodon Communications
http://www.commodon.com
"Wayne McGlinn" <wmcglinn@optushome.com.au> wrote in message
news:3e784d72$0$27769$afc38c87@news.optusnet.com.au...
> Checkpoint's Inspect Engine checks packets between Layer 2 and 3, Don. It
is
> designed for IP, doesn't care what is below.
>
> Wayne McGlinn
> Brisbane, Oz
>
> "Don Kelloway" <dkelloway@commodon.com> wrote in message
> news:8BJda.76$WQ5.62@tornadotest1.news.pas.earthlink.net...
> > For simplistic discussion there are two primary types of firewalls.
> > Proxy-based and SMLI-based.  Each has pro's and con's when compared to
the
> > other.  There are also what's referred to as 'hybrid' types of firewalls
> > which combine the best of both technologies.  Such firewalls
(CheckPoint,
> > Elron Firewall, Cisco PIX, etc.) are capable filtering layers two
through
> > seven.
> >
> > For a thorough understanding of the topic, you may want to consider
> reading
> > 'Building Internet Firewalls', published by O'Reilly.  It's an excellent
> > book that will explain the above in greater detail without losing you in
> the
> > middle somewhere.
> >
> > --
> > Best regards,
> > Don Kelloway
> > Commodon Communications
> > http://www.commodon.com
> >
> >
>
>

Relevant Pages

  • Re: Defense in Depth
    ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ...
    (Security-Basics)
  • Re: Firewalls: whats the use?
    ... We are thinking obviously of different firewalls here. ... machine network and an untrusted network. ... they are a separate tool that can be used to control what people ... have access to based on a SEPARATE OSI Layer. ...
    (comp.os.linux.security)
  • RE: [fw-wiz] GIDS, Intrusion Prevention: A Firewall by Any Other Name
    ... Things that are really signature ... policy based firewalls not being capable of providing the sorts of security ... As with other aspects of security; Defense In Depth should be a cardinal ... Yes I know that this is the Application Layer gateway model, ...
    (Firewall-Wizards)
  • Re: What are the best tools to prevent, eliminate worms, virus, web attracks from a network
    ... Worms, virii, and web attacks can all get ... Because they are Layer 7 type attacks. ... While yes, some firewalls ... Trent wrote: ...
    (comp.security.firewalls)
  • RE: [fw-wiz] Firewalls v. Router ACLs
    ... So thousands of ACL logs per second can ratchet your processor ... CheckPoint AI and NG have far superior higher level packet inspection ... am I using these firewalls to protect against ...
    (Firewall-Wizards)
Quantcast