Application Inspection
The PIX Firewall's Adaptive Security Algorithm (ASA) performs stateful application inspection to provide secure use of external applications and services. In some cases, this involves monitoring for and defending against threatening traffic patterns or activity. In other cases, application inspection is used to facilitate outside connections for specific protocols.

Establishing and maintaining outside connections is easy enough with many applications, because all address and port information is established by the inside client in its initial transmission to the outside host. Some sessions, however, require special attention from the PIX Firewall application inspection function. Specifically, applications and protocols that embed IP address information in the data portion of the packet, or that open additional channels on dynamically assigned ports, cannot be handled by static access-list filtering: the filter has no way of knowing which addresses and ports the session will use until they are negotiated inside the application data.

Because the application inspection feature can look at the upper-layer portions of the packet, it can work with NAT to identify embedded address information. NAT can then translate those embedded addresses and, equally important, update any checksum, length, or sequence-number fields affected by the translation. Without this attention to detail, the packets could easily be rejected by the destination host or by the firewall.

Note that, like CBAC in Chapter 6, this application inspection function is implemented for a limited number of common programs and protocols. Application inspection uses upper-layer field information and a knowledge of the application or protocol's behavior to make "informed" decisions about what traffic is expected and what returning traffic should be allowed.

This application-aware capability allows application inspection to monitor and permit dynamic port usage by those supported protocols that open additional TCP or UDP ports for data or media channels. These applications use the initial session on a well-known port to negotiate the additional, dynamically assigned port numbers, which the PIX then opens only for the life of the session. The alternative, permanently opening whole ranges of port numbers, would expose inside hosts to traffic that no session ever asked for.
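The following is an added example, not code from the original article or from Cisco: a minimal Python model of what the inspection function has to do on the FTP control channel, which is the classic case of both problems described above (an embedded address in the payload, and a data connection on a dynamically negotiated port). The inside client 10.1.1.5, its mapped address 203.0.113.10, the server 198.51.100.7, the NAT table, and the PORT/PASV messages are all constructed for illustration.

```python
"""Added example (not from the original article): a minimal model of what the
PIX application-inspection ("fixup") function does for the FTP control
channel.  Everything here is illustrative; the addresses and the PORT/PASV
payloads are constructed sample data, and the NAT table is hypothetical."""
import re
from dataclasses import dataclass

# Hypothetical static NAT mapping: inside (real) address -> outside (mapped)
NAT_TABLE = {"10.1.1.5": "203.0.113.10"}

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)\r\n$")


@dataclass(frozen=True)
class Pinhole:
    """A data connection the firewall permits only for the life of the session."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def _decode(parts):
    """Turn the six FTP 'h1,h2,h3,h4,p1,p2' fields into (ip, port), rejecting
    malformed values instead of opening a pinhole for them."""
    nums = [int(x) for x in parts]
    if any(n > 255 for n in nums):
        raise ValueError("octet or port byte out of range")
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not usable")
    return ".".join(str(n) for n in nums[:4]), port


def _encode(ip, port):
    return ip.replace(".", ",") + f",{port // 256},{port % 256}"


def inspect_port(payload, client_ip, server_ip):
    """Inside client -> outside server, active mode.  The client embeds its own
    real address, so the firewall must (1) sanity-check it, (2) let NAT rewrite
    it to the mapped address, (3) compute the TCP sequence-number offset that
    the length change causes, and (4) open a pinhole for the server's inbound
    data connection to the mapped address and negotiated port."""
    m = PORT_RE.match(payload)
    if not m:
        raise ValueError("not a PORT command")
    ip, port = _decode(m.groups())
    if ip != client_ip:
        # The embedded address must be the session's own client; anything else
        # would make the firewall open a hole toward some third host.
        raise ValueError("embedded address does not match the session client")
    if ip not in NAT_TABLE:
        raise ValueError("embedded address has no NAT translation")
    mapped = NAT_TABLE[ip]
    new_payload = f"PORT {_encode(mapped, port)}\r\n"
    # The rewrite changes the payload length; later seq/ack numbers on this
    # control connection must be offset by this delta or the endpoints see a gap.
    seq_delta = len(new_payload) - len(payload)
    pinhole = Pinhole(src_ip=server_ip, dst_ip=mapped, dst_port=port)
    return new_payload, seq_delta, pinhole


def inspect_pasv(payload, client_ip, server_ip):
    """Outside server -> inside client, passive mode.  The server advertises its
    own address and a dynamic port.  Nothing needs translating for an outbound
    NAT, but the data connection still has to be tracked as part of the session."""
    m = PASV_RE.match(payload)
    if not m:
        raise ValueError("not a 227 PASV response")
    ip, port = _decode(m.groups())
    if ip != server_ip:
        raise ValueError("embedded address does not match the session server")
    return Pinhole(src_ip=NAT_TABLE[client_ip], dst_ip=ip, dst_port=port)


if __name__ == "__main__":
    # Constructed sample control-channel messages
    new, delta, hole = inspect_port("PORT 10,1,1,5,4,11\r\n", "10.1.1.5", "198.51.100.7")
    print(new.strip(), delta, hole)
    print(inspect_pasv("227 Entering Passive Mode (198,51,100,7,19,137)\r\n",
                       "10.1.1.5", "198.51.100.7"))
```

The sequence-number delta is the detail the article calls "equally important": 10,1,1,5 becomes 203,0,113,10, the payload grows by four bytes, and unless every subsequent TCP sequence and acknowledgment number on that control session is adjusted, the server or the firewall's own state table will treat the stream as corrupt. The client-address check is the kind of sanity test a real inspection engine applies before opening a pinhole, since a PORT command naming any other host is exactly how an FTP bounce attack would try to use the firewall against a third party.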
