What risks will I run by not implementing an application-layer firewall? Am I leaving myself wide open by not using an application-layer firewall?
Application-layer filtering firewalls are required to protect networks from modern attackers because attackers now focus their efforts on developing exploits against weaknesses in the services they attack. Since the application layer is the least protected layer, attackers use a variety of application-specific exploits and target the known and unknown weaknesses in server services in order to take control. For example, stateful inspection firewalls just don't detect worms that are injected as malicious code within the protocols, since they only look at network-layer packet headers. Worms require deep inspection to identify their signatures, and the stream of that particular session must be reassembled to analyze the content. An application-layer filtering firewall is able to examine the application-layer commands and data to determine whether the content or commands being sent to a server on the corporate network fall outside the bounds of valid connection attempts.
Another good example of application-layer risk is buffer overflow attacks against server services. This is one of the most common methods attackers use to disable a network service and potentially take control of the server running the network service. For instance, to initiate an attack, the attacker can craft a packet containing oversized SMTP commands and then send it to an SMTP mail server. If the mail server implementation has a known or unknown buffer overflow weakness, the attack could disable or take over the server. An application-layer firewall is capable of filtering the SMTP traffic and blocking the buffer overflow attempt at the firewall itself, preventing the attack from getting past the firewall.
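To make the two points above concrete (judging SMTP commands against the protocol's own limits, and inspecting the reassembled session rather than individual packet headers), here is an added example of a minimal application-layer SMTP filter. It is illustrative code written for this page, not the expert's code or any vendor's product. The octet limits are the real ones from RFC 5321 section 4.5.3.1; the verb allowlist, the content signature and the captured sessions are constructed for the example.

```python
import re
from typing import List, Tuple

# Limits from RFC 5321 section 4.5.3.1 (real protocol values).
MAX_COMMAND_LINE = 512   # octets per command line, including the trailing CRLF
MAX_PATH = 256           # octets for a reverse-path or forward-path, brackets included
MAX_TEXT_LINE = 1000     # octets per line of message content, including CRLF

# Verbs this gateway is willing to forward (constructed allowlist for the example).
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}

# Constructed content signature; a real gateway would load vendor-supplied rules.
BODY_SIGNATURES = [(b"X-Worm-Example-Marker", "constructed worm marker")]

_PATH_RE = re.compile(r"^(MAIL FROM|RCPT TO):(<[^<>]*>)(?: .*)?$", re.IGNORECASE)


class SmtpSessionFilter:
    """Inspects one client->server SMTP stream line by line and decides per line
    whether to forward it. Session state is tracked so each command is judged
    in context (for example, RCPT is only valid after a MAIL command)."""

    def __init__(self) -> None:
        self.state = "start"   # start -> greeted -> mail -> rcpt
        self.in_data = False   # True while message content (after DATA) is flowing

    def inspect(self, line: bytes) -> Tuple[bool, str]:
        return self._inspect_data_line(line) if self.in_data else self._inspect_command(line)

    def _inspect_command(self, line: bytes) -> Tuple[bool, str]:
        # Size and syntax checks: this is where an oversized command is caught.
        if len(line) > MAX_COMMAND_LINE:
            return False, "command line exceeds 512 octets"
        if not line.endswith(b"\r\n"):
            return False, "command not terminated by CRLF"
        body = line[:-2]
        if any(b < 0x20 or b > 0x7E for b in body):
            return False, "control or non-ASCII byte in command"
        text = body.decode("ascii")
        verb = text.split(" ", 1)[0].upper()
        if verb not in ALLOWED_VERBS:
            return False, f"verb not permitted: {verb}"
        if verb in ("MAIL", "RCPT"):
            m = _PATH_RE.match(text)
            if m is None:
                return False, f"malformed {verb} syntax"
            if len(m.group(2)) > MAX_PATH:
                return False, "address path exceeds 256 octets"
        # Sequence checks: commands are only valid in certain session states.
        if verb in ("HELO", "EHLO"):
            self.state = "greeted"
        elif verb == "MAIL":
            if self.state == "start":
                return False, "MAIL before HELO/EHLO"
            self.state = "mail"
        elif verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return False, "RCPT without preceding MAIL"
            self.state = "rcpt"
        elif verb == "DATA":
            if self.state != "rcpt":
                return False, "DATA without any RCPT"
            self.in_data = True
        elif verb == "RSET" and self.state != "start":
            self.state = "greeted"
        return True, "ok"

    def _inspect_data_line(self, line: bytes) -> Tuple[bool, str]:
        # Message content: length limit plus a signature scan of the stream.
        if len(line) > MAX_TEXT_LINE:
            return False, "message line exceeds 1000 octets"
        if line == b".\r\n":
            self.in_data, self.state = False, "greeted"
            return True, "end of data"
        for sig, name in BODY_SIGNATURES:
            if sig in line:
                return False, f"content signature matched: {name}"
        return True, "ok"


def filter_session(lines: List[bytes]) -> List[Tuple[bytes, bool, str]]:
    """Run a captured client stream through the filter. Stops at the first
    rejected line, as a gateway that drops the connection would."""
    f, results = SmtpSessionFilter(), []
    for ln in lines:
        ok, why = f.inspect(ln)
        results.append((ln, ok, why))
        if not ok:
            break
    return results


# Constructed sample streams: a normal session and one with an oversized MAIL command.
GOOD_SESSION = [
    b"EHLO client.example\r\n", b"MAIL FROM:<alice@example.org>\r\n",
    b"RCPT TO:<bob@example.net>\r\n", b"DATA\r\n", b"Subject: hello\r\n",
    b"\r\n", b"just text\r\n", b".\r\n", b"QUIT\r\n",
]
OVERSIZED_SESSION = [
    b"EHLO client.example\r\n",
    b"MAIL FROM:<" + b"A" * 600 + b"@example.org>\r\n",
]

if __name__ == "__main__":
    for ln, ok, why in filter_session(GOOD_SESSION) + filter_session(OVERSIZED_SESSION):
        print("PASS" if ok else "DROP", why, ln[:40])
```

A stateful packet filter would forward every line of both sessions, since each one arrives in a well-formed TCP segment to port 25; only the application-layer view, which reassembles the stream and knows what a valid MAIL command looks like, can reject the 626-octet command or the signature inside the message body.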
To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: http://...