What is the difference between circuit-level gateways and application-level gateways relative to network firew...
Good question. First, let's clarify some terminology. Security professionals use a number of different terms that all mean the same thing. Circuit-level gateways are often referred to as stateful inspection firewalls. Application-level gateways are often referred to as proxy firewalls or application proxy firewalls.
There are three general classes of firewalls: packet filtering firewalls, stateful inspection firewalls and proxy firewalls. All three analyze inbound packets against a rule base and decide to block or allow the packet based upon those rules. Packet filtering firewalls don't do anything else. They analyze each packet in isolation and don't have any context (or "state") information to compare the current packet with previous packets.
Stateful inspection firewalls go a bit further. They monitor the connection setup and teardown process to keep tabs on connections at the TCP/IP level. This allows them to keep track of state information and determine which systems have open, authorized connections at any given point in time. They only reference the rule base when a new connection is requested. Packets belonging to existing connections are compared to the firewall's state table of open connections, saving time and providing added security.
Proxy firewalls are the most advanced. Like stateful inspection firewalls, they're connection-aware. But unlike the other two, they intercept all connections and perform an in-depth application layer analysis. Each time an external client requests a connection with an internal server (or vice versa), the client opens a connection with the firewall. If the connection meets the criteria in the firewall rule base, the proxy firewall will open a connection to the requested server. This places the firewall in the middle of the logical connection and allows it to watch the traffic for any signs of malicious activity at the application level.
For more on firewalls, read the Firewall Architecture Guide.
Related Q&A from Mike Chapple
The updated HITRUST Common Security Framework allows organizations to manage privacy, security and compliance with one framework. Here's how it works...continue reading
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits.continue reading
A data breach warranty may seem like a tempting way to survive a costly attack, but it may not be all it's hyped up to be. Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.