
Purpose of firewalls

 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
What is the purpose of a firewall?
Ans: Firewalls are used to mediate and control all information that is communicated between an external (untrusted) network and an internal (trusted) network. Firewalls make use of IP filtering and application proxies to implement firewall security policies.
Q: What are application proxies?
thanks,
Ramdhan YK
 
Bhagvan Kommadi
Ranch Hand
Posts: 36
An application proxy is an application program that runs on a firewall system between two networks. The host on which the proxy runs does not need to be acting as a router. When a client program establishes a connection "through" a proxy to a destination service, it first establishes a connection directly to the proxy server program. The client then negotiates with the proxy server to have the proxy establish a connection on behalf of the client between the proxy and the destination service. If successful, there are then two connections in place: one between the client and the proxy server and another between the proxy server and the destination service. Once established, the proxy then receives and forwards traffic bi-directionally between the client and service. The proxy makes all connection-establishment and packet-forwarding decisions; any routing functions that are active on the host system are irrelevant to the proxy.
As with packet filtering, application proxies are available on both special purpose proxy machines and general purpose computers. Generally speaking, application proxies are slower than packet filtering routers. However, application proxies are, in some ways, inherently more secure than packet filtering routers. Packet filtering routers have historically suffered from implementation flaws or oversights in the operating system's routing implementation on which they depend. Since packet filtering capabilities are "add-ons" to routing, they cannot correct or compensate for certain kinds of routing flaws.
As a result of making more complex filtering and access control decisions, application proxies can require significant computing resources and an expensive host upon which to execute. For example, if a certain firewall technology running on a UNIX platform needs to support 200 concurrent HTTP sessions, the host must be capable of supporting 200 HTTP proxy processes with reasonable performance. Add 100 FTP sessions, 25 SMTP sessions, some LDAP sessions, and some DNS transactions and you have a host that needs to sustain 500 to 1,000 proxy processes. Some proxies are implemented using kernel threads (which can dramatically reduce resource requirements) but resource demands remain high.
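The two-connection relay described in the post above, as an added example that is not part of the original thread: the proxy reads a negotiation line, decides whether to open the second connection itself, then forwards bytes in both directions. The `CONNECT host port` line format, the `ALLOWED` policy and the host name are constructed for illustration.

```python
import socket
import threading

# Constructed policy for the example: the only destinations the proxy will dial.
ALLOWED = {("intranet.example", 80)}

def pump(src, dst):
    """Copy bytes one way until src reaches end-of-stream, then tell dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone; nothing left to forward

def read_line(sock, limit=256):
    """Read the negotiation line byte by byte so no payload is consumed."""
    line = b""
    while not line.endswith(b"\n") and len(line) < limit:
        byte = sock.recv(1)
        if not byte:
            break
        line += byte
    return line.decode("ascii", "replace").split()

def handle_client(client, dial=socket.create_connection):
    """client is connection 1; dial((host, port)) opens connection 2."""
    fields = read_line(client)
    try:
        verb, host, port = fields[0], fields[1], int(fields[2])
    except (IndexError, ValueError):
        verb, host, port = "", "", 0
    if verb != "CONNECT" or (host, port) not in ALLOWED:
        client.sendall(b"DENY\n")      # decided by the proxy, not by host routing
        client.close()
        return "denied"
    upstream = dial((host, port))      # second, independent connection
    client.sendall(b"OK\n")
    back = threading.Thread(target=pump, args=(upstream, client))
    back.start()                       # service -> client in a helper thread
    pump(client, upstream)             # client -> service in this thread
    back.join()
    client.close()
    upstream.close()
    return "relayed"
```

The client never holds a socket to the destination, so a request the policy rejects produces no traffic towards the service at all.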
 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
Hi Bhagavan,
That gives me a good introduction about application proxies. What I understand is that, you have appserver on which your application will be running and you have a proxy server which sits between appserver and client and manages application proxies. Correct me if I am wrong.
Well what I am puzzled is that, to be able to utilize application proxies, does the application developer have to develop proxies also along with applications, or is it completely managed by the proxy server and transparent to application developer.
Can you give some insight into this?
thanks,
Ramdhan YK
 
Bhagvan Kommadi
Ranch Hand
Posts: 36
Proxies are mostly used to control, or monitor, outbound traffic. Some application proxies cache the requested data. This lowers bandwidth requirements and decreases the access the same data for the next user. It also gives unquestionable evidence of what was transferred.
There are two types of proxy servers.
Application Proxies - that do the work for you.
SOCKS Proxies - that cross wire ports.
Application Proxy
The best example is a person telnetting to another computer and then telnetting from there to the outside world. With an application proxy server the process is automated. As you telnet to the outside world the client sends you to the proxy first. The proxy then connects to the server you requested (the outside world) and returns the data to you.
Because proxy servers are handling all the communications, they can log everything they (you) do. For HTTP (web) proxies this includes every URL that you see. For FTP proxies this includes every file you download. They can even filter out "inappropriate" words from the sites you visit or scan for viruses.
Application proxy servers can authenticate users. Before a connection to the outside is made, the server can ask the user to login first. To a web user this would make every site look like it required a login.
SOCKS Proxy
A SOCKS server is a lot like an old switch board. It simply cross wires your connection through the system to another outside connection.
Most SOCKS servers only work with TCP type connections. And like filtering firewalls they don't provide for user authentication. They can however record where each user connected to.
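To make the contrast in the post above concrete, here is an added example (not part of the original thread) of what each proxy type can put in its log. It assumes the SOCKS4 CONNECT wire format for the SOCKS side and HTTP Basic `Proxy-Authorization` for the application proxy; the user table, blocked word list and sample requests are constructed.

```python
import base64
import hmac
import ipaddress
import struct

def socks4_log_record(request: bytes) -> dict:
    """SOCKS4 CONNECT layout: VN=4, CD=1, DSTPORT(2), DSTIP(4), USERID, NUL."""
    vn, cd, port, ip = struct.unpack("!BBH4s", request[:8])
    if vn != 4 or cd != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    userid = request[8:request.index(b"\x00", 8)].decode("ascii", "replace")
    # The user id is only a claim by the client; all the server learns
    # about the session is an address and a port.
    return {"user_claimed": userid, "dest": f"{ipaddress.IPv4Address(ip)}:{port}"}

def http_proxy_decision(raw: bytes, users: dict, blocked_words: set) -> dict:
    """Authenticate, log and filter one HTTP request as an application proxy."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    method, url, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    user = None
    scheme, _, cred = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            name, _, password = base64.b64decode(cred).decode().partition(":")
        except ValueError:
            name, password = "", ""
        expected = users.get(name)
        if expected is not None and hmac.compare_digest(
                expected.encode(), password.encode()):
            user = name
    record = {"user": user, "method": method, "url": url}
    if user is None:
        record["status"] = 407        # ask the user to log in first
    elif any(word in url.lower() for word in blocked_words):
        record["status"] = 403        # content policy applied to the full URL
    else:
        record["status"] = 200
    return record
```

The SOCKS record stops at `address:port`, while the HTTP record carries a verified user and the full URL, which is what makes per-URL logging and word filtering possible.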
 
Ram Dhan Yadav K
Ranch Hand
Posts: 321
Hi Bhagavan,
That's a good explanation. Is there any book/resources I can go through for the information?
thanks,
Ramdhan YK
 