Conventional firewalls maintain session information up to Layer 4, whereas the Security Appliance adds
another tier of security by extending its inspection into the data payload at Layer 7.
With application-layer awareness, the Security Appliance performs deep packet inspection of the data payload
to detect malicious activity. As shown in Figure 6-4, when the Security Appliance receives a packet that belongs to a
well-known application protocol (such as HTTP), it further examines the packet's application-level operations to
check for adherence to RFC standards and for compliant operations, to ensure there is no malicious intent. If the
packet is crafted maliciously with unauthorized, nonstandard activity and is found to be performing noncompliant
operations (illegal commands), the packet is blocked. With conventional access-list filtering, this packet would be
allowed, because only the Layer 3 and Layer 4 information in the packet would be checked.
Figure 6-4. Application Layer Intelligence
The Security Appliance, armed with application intelligence, provides protection from several types of network
attacks that use the embedding technique to pass malicious traffic encapsulated in well-known application
protocols.
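
The contrast described above between access-list filtering and application-layer inspection, as an added example that is not from the original text and is not the Security Appliance's inspection engine. The permitted-method policy, the function names and the sample payloads are assumptions constructed for illustration.

```python
import re

# Assumed policy for this sketch: ACL permits TCP/80; inspection permits three methods.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/\d\.\d")
HEADER_LINE = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[ \t]*[^\r\n\x00]*")

def acl_permits(proto, dst_port):
    """Layer 3/4 view: only protocol and destination port are examined."""
    return proto == "tcp" and dst_port == 80

def inspect_http(payload):
    """Layer 7 view: check one HTTP request payload, return (verdict, reason)."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return ("drop", "header block not terminated")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.fullmatch(lines[0])
    if not m:
        return ("drop", "request line is not valid HTTP")
    method = m.group(1).decode("ascii")
    if method not in ALLOWED_METHODS:
        return ("drop", "method %s not permitted" % method)
    if not all(HEADER_LINE.fullmatch(line) for line in lines[1:]):
        return ("drop", "malformed header field")
    return ("permit", "conforms to policy")

def evaluate(proto, dst_port, payload):
    """ACL first, then application inspection of the payload."""
    if not acl_permits(proto, dst_port):
        return ("drop", "denied by access list")
    return inspect_http(payload)

# Constructed sample payloads, all sent to TCP port 80.
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "not_http": b"\x00\x01 opaque data sent to port 80\r\n\r\n",
    "bad_method": b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, "ACL:", acl_permits("tcp", 80), "L7:", evaluate("tcp", 80, payload))
```

All three samples pass the access-list check because they share the same protocol and port; only the payload inspection separates the conforming request from the other two.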