By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Traditional firewall technologies -- such as packet filtering and stateful inspection -- are no longer adequate because they cannot distinguish between malicious and non-malicious requests and data. Also, the diversity and volume of traffic is making it more difficult for pure "allow/block" rules to filter. For example, a firewall may only allow HTTP traffic on port 80, but such a restriction still lets SQL injection attacks through as valid HTTP requests. Spyware, similarly, could still run a communication channel to an outside server listening on port 80.
Firewall vendors have responded to these threats by developing application-layer firewalls. Compared with traditional firewalls, application-layer filtering devices certainly provide better content-filtering capabilities. They have the ability to examine the payload of a packet and make decisions based on content, allowing them to permit or deny specific application requests or commands. The firewall's functions give administrators a far greater degree of granular control over network traffic. For example, admins can allow or deny a specific incoming telnet command from a particular user. Many application-layer firewalls now allow you to create filters to intercept, analyze or modify traffic specific to your network, making it easier to adapt the firewall to protect your particular assets.
A firewall should be able to "learn" what is and isn't normal traffic for a specific network and adapt its behavior accordingly. The real problem to be solved, though, is putting network traffic into context. Is a sudden flood of outbound email being caused by the weekly e-newsletter going out, or by a compromised machine sending out spam? Is a request to list all database tables a hacker fingerprinting a database, or an administrator performing necessary duties? To be able to handle such situations, firewalls will need to integrate ever more closely with authentication systems and other perimeter defenses to add context to the traffic being monitored.
Combating application-layer attacks will always require more than just a firewall, though, no matter how sophisticated they become. Responsibility also lies with application development teams to ensure traffic that comes through the firewall is verified and cleansed before being passed on to application processes that it might try to subvert. Whatever firewall or perimeter defenses are in place, it is still necessary to assume all data originates from an untrusted source. Also remember firewalls will never prevent phishing and social engineering attacks. This means that -- as is the case with all information security efforts -- the last line of defense is employee security awareness.
Dig Deeper on Application Firewall Security
Related Q&A from Michael Cobb
The latest version of Google's mobile operating system addresses some key enterprise security concerns. Expert Michael Cobb explains what's new in ...continue reading
The NIST has changed its recommendations on random number generation for cryptographic keys. Expert Michael Cobb outlines the changes and explains ...continue reading
Address bar spoofing attacks can be detrimental to an organization. Expert Michael Cobb details several vulnerabilities and explains how to defend ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.