For ensuring the highest level of security, a firewall must be capable of
accessing, analyzing, and utilizing the following:
• Communication information
Information from all seven layers in the packet
• Communication-derived state
The state derived from previous communications. For example, the outgoing
PORT command of an FTP session could be saved so that an incoming FTP
data connection can be verifi ed against it.
• Application-derived state
The state information derived from other applications. For example, a previously authenticated user would be allowed access through the firewall for authorized services only.
• Information manipulation
The ability to perform logical or arithmetic functions on data in any part
of the packet
Ref - www.checkpoint.com
No comments:
Post a Comment