Pro+ Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2004

Firewall comparison: Packet-filtering firewalls versus proxy firewalls

The firewall industry split into two camps in the early '90s. On one side was the traditional proxy-based firewall gang; on the other were some upstarts, led by Check Point Software Technologies, looking for faster technology and greater flexibility with packet-filtering. The debates were furious, the mud-slinging intense, but the market eventually sided with Check Point. Today, stateful packet-filtering firewalls account for more than 90% of the market. The technology is so commonplace that packet filtering is built into $99 SOHO devices. However, the proxy firewall folks haven't rolled up their tents yet. They continue to sell product because their basic argument holds true: Proxy firewalls, with two independent TCP connections for each application, can be more secure than packet filters. With no IP-layer packets passing directly between the inside and the outside, proxies are inherently immune to most kinds of reconnaissance and spoofing attacks. Proxy-based firewalls can easily do all kinds of application-layer validity ...

Access this Pro+ Content for Free!

By submitting you agree to recieve email from TechTarget and its partners. If you reside outside of the United States you consent to having your personal data transferred and processed in the United States. Privacy Policy

Features in this issue

Columns in this issue

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

-ADS BY GOOGLE

Close