
Application vs Ports Based Security

A Next Generation Firewall (NGFW) is all about inspecting the payload at Layer 7, also called the application layer. The payload content must be inspected in order to fully use what an NGFW offers. So what, ultimately, is the difference between application layer inspection and port based protection? Let me briefly describe the difference.

Port Based Security

A port based security policy allows any traffic that matches the TCP port along with the source and destination. Protecting based on port alone is the legacy way of protecting an application or end host; an NGFW is not required to make use of port based security. Protecting based on service only provides protection up to Layer 4 and cannot see the underlying application, which could be tunneled and lead to an attack or to an unintended destination. We also lose the ability to be more granular: for example, we may want to allow only some specific applications on port 80, not every application that uses port 80.


Application Based Security

Application Based Security leverages the Next Generation Firewall to perform deep packet inspection; in other words, it checks the bits and bytes of the payload that traverse the firewall. Tunneling traffic through an allowed service port is not permitted and gets blocked. For example, if DNS is our allowed application and someone uses port 53 to tunnel something other than DNS over UDP port 53, the firewall simply will not allow it. This gives us more granular control. For example: block Facebook chat or video but allow the Facebook application to work.


Application layer protection must be used in conjunction with port based security, which helps us localize the traffic at Layer 4 while also providing a deeper layer of inspection for more granular and effective control of an end host or an application.
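To make the difference concrete, here is an added example (not code from the original post or from any firewall vendor) that models the UDP/53 case above: a port based rule matches on protocol and port only, while the application based rule additionally requires the payload to parse as a plausible DNS message. The two sample datagrams are constructed for this example, and the DNS check is a deliberately minimal header-and-question parser, not a full App-ID engine.

```python
import struct

# Constructed sample datagrams for this example (not taken from the original post).
# A well-formed DNS query for example.com (type A, class IN).
DNS_QUERY = (b"\x12\x34"                          # transaction ID
             b"\x01\x00"                          # flags: standard query, RD set
             b"\x00\x01\x00\x00\x00\x00\x00\x00"  # QDCOUNT=1, AN/NS/ARCOUNT=0
             b"\x07example\x03com\x00"            # QNAME example.com
             b"\x00\x01\x00\x01")                 # QTYPE A, QCLASS IN
# An HTTP request pushed over UDP/53: right port, wrong application.
HTTP_ON_53 = b"GET / HTTP/1.1\r\nHost: hidden.example\r\n\r\n"

def looks_like_dns(payload: bytes) -> bool:
    """Minimal application-identification check: does the payload parse as a
    plausible DNS message (sane header plus a well-formed first question)?"""
    if len(payload) < 12:                   # DNS header is exactly 12 octets
        return False
    _tid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2, 4, 5):       # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
        return False
    if qdcount == 0:                        # every real query carries a question
        return False
    pos = 12                                # walk the first QNAME label by label
    while True:
        if pos >= len(payload):             # name runs past the end of the packet
            return False
        length = payload[pos]
        pos += 1
        if length == 0:                     # root label terminates the name
            break
        if length > 63:                     # labels are at most 63 octets
            return False
        pos += length
    return len(payload) >= pos + 4          # QTYPE and QCLASS must follow

def port_based_policy(proto: str, dport: int, payload: bytes) -> bool:
    """Layer-4 rule 'allow udp/53': the payload is never examined."""
    return proto == "udp" and dport == 53

def application_based_policy(proto: str, dport: int, payload: bytes) -> bool:
    """Same rule, but the match additionally requires the payload to be DNS."""
    return port_based_policy(proto, dport, payload) and looks_like_dns(payload)

def compare(proto: str, dport: int, payload: bytes) -> dict:
    """Return both verdicts so the gap between the two models is visible."""
    return {"port_based": port_based_policy(proto, dport, payload),
            "app_based": application_based_policy(proto, dport, payload)}

if __name__ == "__main__":
    for name, pkt in (("dns query", DNS_QUERY), ("http on udp/53", HTTP_ON_53)):
        print(name, compare("udp", 53, pkt))
```

Running it shows the port based rule accepting both datagrams while the application based rule accepts only the genuine DNS query.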
