Application Firewalls Clause Samples

Application Firewalls. A newer trend in stateful inspection is the addition of a stateful protocol analysis capability, referred to by some vendors as deep packet inspection. Stateful protocol analysis improves upon standard stateful inspection by adding basic intrusion detection technology — an inspection engine that analyses protocols at the application layer and compares vendor-developed profiles of benign protocol activity against observed events to identify deviations. Another feature found in some application firewalls is the enforcement of application state machines, which are essentially checks on the traffic's compliance with the standard for the protocol in question. This compliance checking, sometimes called "RFC compliance" because most protocols are defined in RFCs issued by the Internet Engineering Task Force (IETF), can be a mixed blessing. Many products implement protocols in ways that almost, but not completely, match the specification, so it is usually necessary to let such implementations communicate across the firewall. Compliance checking is only useful when it detects and blocks communication that can be harmful to protected systems. Firewalls with both stateful inspection and stateful protocol analysis capabilities are not fully fledged intrusion detection and prevention systems (IDPS), which usually offer much more extensive attack detection and prevention capabilities.
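The following is an added illustration, not part of the clause text or of any vendor's product: a minimal SMTP command state machine (after RFC 5321) applied the way an application firewall's protocol-analysis engine applies one, with a `strict` switch that also flags a near-compliant syntax most real servers tolerate, to show the "mixed blessing" the clause describes. The sessions and the `XFOO` verb are constructed sample input.

```python
import re

# Constructed example: a minimal client-side SMTP command state machine
# (RFC 5321) used the way an application firewall's protocol-analysis
# engine would use it, flagging traffic that deviates from the specification.
COMMANDS = {"EHLO", "HELO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
ANY_STATE = {"EHLO": "GREETED", "HELO": "GREETED", "RSET": "GREETED",
             "QUIT": "CLOSED", "NOOP": None}          # None = state unchanged
TRANSITIONS = {("GREETED", "MAIL"): "MAIL",           # envelope must start here
               ("MAIL", "RCPT"): "RCPT", ("RCPT", "RCPT"): "RCPT",
               ("RCPT", "DATA"): "DATA"}              # DATA needs >= 1 recipient

def check_session(lines, strict=True):
    """Return [(line_no, finding), ...] for each deviation; [] means compliant.

    strict=True also reports near-compliant syntax that most real servers
    accept, illustrating why pure RFC checking can block legitimate peers."""
    state, findings = "INIT", []
    for n, line in enumerate(lines, 1):
        if state == "DATA":                 # message body is not command traffic
            if line == ".":                 # end-of-data marker ends the transaction
                state = "GREETED"
            continue
        verb = line.split(" ", 1)[0].upper()
        if state == "CLOSED":
            findings.append((n, f"{verb} sent after QUIT"))
        elif verb in ANY_STATE:
            state = ANY_STATE[verb] or state
        elif (state, verb) in TRANSITIONS:
            if verb == "MAIL" and strict and not re.match(r"(?i)^MAIL FROM:<", line):
                # RFC 5321 gives "MAIL FROM:<path>" with no space; many clients
                # send "MAIL FROM: <path>" and nearly every server tolerates it
                findings.append((n, "near-compliant: space after MAIL FROM:"))
            state = TRANSITIONS[(state, verb)]
        elif verb in COMMANDS:              # known verb, wrong point in the dialogue
            findings.append((n, f"out-of-order {verb} in state {state}"))
        else:                               # not an RFC 5321 verb at all
            findings.append((n, f"unknown command {verb!r}"))
    return findings

# Constructed sessions: compliant, near-compliant, and clearly non-compliant.
GOOD = ["EHLO client.example.test", "MAIL FROM:<alice@example.test>",
        "RCPT TO:<bob@example.test>", "DATA", "Subject: hi", "", "hello", ".", "QUIT"]
NEAR = ["EHLO client.example.test", "MAIL FROM: <alice@example.test>",
        "RCPT TO:<bob@example.test>", "DATA", ".", "QUIT"]
BAD = ["EHLO client.example.test", "RCPT TO:<bob@example.test>", "DATA",
       "XFOO 1", "QUIT", "NOOP"]

if __name__ == "__main__":
    for name, session in (("GOOD", GOOD), ("NEAR", NEAR), ("BAD", BAD)):
        print(name, "strict:", check_session(session),
              "lenient:", check_session(session, strict=False))
```

A lenient deployment would pass the NEAR session and drop only sessions like BAD, which is the trade-off the clause points at.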