
Application vs Ports Based Security

A Next Generation Firewall (NGFW) is all about inspecting the payload at Layer 7, also called the application layer. The content of the payload must be checked in order to take full advantage of an NGFW. So what, ultimately, is the difference between application-layer inspection and port-based protection? Let me briefly describe the difference.

Port Based Security

A port-based security policy allows anyone whose traffic matches the source, destination and TCP/UDP port. Providing protection based on ports is a legacy way of protecting an application or end host; an NGFW is not required for port-based security. Protecting based on service only provides protection up to Layer 4 and cannot see the underlying application, which could be tunneled over the allowed port and lead to an attack or to an unintended destination. We also lose the ability to be more granular: for example, we may want to allow only some specific applications on port 80, not every application that runs over port 80.


Application Based Security

Application-based security leverages the Next Generation Firewall to perform deep packet inspection; in other words, it checks the bits and bytes of the payload that traverse the firewall. Traffic tunneled over an allowed service will not be permitted and gets blocked. For example, if DNS is our allowed application and someone uses UDP port 53 to tunnel something other than DNS, the firewall simply will not allow it. This gives us more granular control. For example: block Facebook chat or video but allow the Facebook application to work.


Application-layer protection must be used in conjunction with port-based security, which helps us localize the traffic at Layer 4 while providing a deeper layer of inspection for more granular and effective control of an end host or an application.
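To make the difference concrete, here is an added example (not from the original post and not any vendor's code) of a toy policy engine that evaluates the same flows twice: once with a port-based rule ("allow UDP/53 and TCP/80") and once with an application-based rule ("allow DNS on UDP/53 and web-browsing on TCP/80"). The "application identification" is a deliberately minimal structural check of a DNS query header and an HTTP/1.x request line; a real NGFW uses far richer decoders and signatures. All flows, addresses and payloads are constructed for the example.

```python
# Added example: port-based vs application-based policy on the same flows.
# The App-ID here is a minimal header check, not a production classifier.
import struct
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    payload: bytes  # first bytes sent by the client


def looks_like_dns_query(payload: bytes) -> bool:
    """Structural check of a DNS query: 12-byte header with QR=0 and
    opcode=QUERY, QDCOUNT>=1, then a well-formed QNAME plus QTYPE/QCLASS."""
    if len(payload) < 12:
        return False
    _ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF:   # response bit set or opcode != QUERY
        return False
    if qdcount < 1:
        return False
    pos = 12
    while True:                                  # walk the QNAME labels
        if pos >= len(payload):
            return False
        label_len = payload[pos]
        pos += 1
        if label_len == 0:
            break
        if label_len > 63 or pos + label_len > len(payload):
            return False
        pos += label_len
    return len(payload) >= pos + 4               # QTYPE and QCLASS must follow


def looks_like_http_request(payload: bytes) -> bool:
    """Structural check of an HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF."""
    line, sep, _rest = payload.partition(b"\r\n")
    if not sep:
        return False
    parts = line.split(b" ")
    return (len(parts) == 3
            and parts[0] in {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}
            and parts[2] in {b"HTTP/1.0", b"HTTP/1.1"})


def identify_application(flow: Flow) -> str:
    """Layer-7 identification from payload content, independent of the port."""
    if looks_like_dns_query(flow.payload):
        return "dns"
    if looks_like_http_request(flow.payload):
        return "web-browsing"
    return "unknown"


def port_based_policy(flow: Flow) -> str:
    """Legacy rule: allow anything to UDP/53 or TCP/80 regardless of content."""
    return "allow" if (flow.proto, flow.dport) in {("udp", 53), ("tcp", 80)} else "deny"


def application_based_policy(flow: Flow) -> str:
    """NGFW-style rule: the identified application must match the port it is
    allowed on; unknown content on an allowed port is denied, not treated as the service."""
    app = identify_application(flow)
    if flow.proto == "udp" and flow.dport == 53 and app == "dns":
        return "allow"
    if flow.proto == "tcp" and flow.dport == 80 and app == "web-browsing":
        return "allow"
    return "deny"


def build_dns_query(name: str) -> bytes:
    """Constructed DNS A query for `name`, used only to build the sample flows."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)   # RD set, QR=0, opcode 0
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN


# Constructed sample flows (RFC 5737 documentation addresses).
SAMPLE_FLOWS = {
    "real_dns":      Flow("10.0.0.5", "10.0.0.53", "udp", 53, build_dns_query("example.com")),
    "junk_on_53":    Flow("10.0.0.5", "203.0.113.9", "udp", 53, b"\x00\x00\x00\x00garbage-on-53"),
    "real_http":     Flow("10.0.0.5", "203.0.113.20", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "nonhttp_on_80": Flow("10.0.0.5", "203.0.113.20", "tcp", 80, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),
}


def evaluate_all() -> dict:
    """Return {flow name: (port-based decision, application-based decision)}."""
    return {name: (port_based_policy(f), application_based_policy(f)) for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, (port_dec, app_dec) in evaluate_all().items():
        print(f"{name:14s} port-based={port_dec:5s} app-based={app_dec}")
```

The port-based rule allows all four flows because it only sees "UDP/53" and "TCP/80"; the application-based rule allows the genuine DNS query and HTTP request but denies the non-DNS bytes on port 53 and the non-HTTP bytes on port 80, which is exactly the tunneling case the post describes. Combining the two (port match plus application match, as in `application_based_policy`) is the "in conjunction" model the post recommends.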
