PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2004

Firewall comparison: Packet-filtering firewalls versus proxy firewalls

The firewall industry split into two camps in the early '90s. On one side was the traditional proxy-based firewall gang; on the other were some upstarts, led by Check Point Software Technologies, looking for faster technology and greater flexibility with packet-filtering. The debates were furious, the mud-slinging intense, but the market eventually sided with Check Point. Today, stateful packet-filtering firewalls account for more than 90% of the market. The technology is so commonplace that packet filtering is built into $99 SOHO devices. However, the proxy firewall folks haven't rolled up their tents yet. They continue to sell product because their basic argument holds true: Proxy firewalls, with two independent TCP connections for each application, can be more secure than packet filters. With no IP-layer packets passing directly between the inside and the outside, proxies are inherently immune to most kinds of reconnaissance and spoofing attacks. Proxy-based firewalls can easily do all kinds of application-layer validity ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue

  • The security improvements of Microsoft ISA Server 2004

    by  Victor R. Garza

    In an effort to bolster its security image, Microsoft is going to release its ISA Server 2004 later this year. Here you will learn about the security improvements of Microsoft ISA Server 2004.