== Description ==
[[Application layer]] filtering operates at a higher level than traditional security appliances. This allows packet decisions to be made based on more than just source/destination IP address or ports, and can also use information spanning multiple connections for any given host.

=== Network-based application firewalls ===
{{see also|Web application firewall}}
Network-based application firewalls operate at the application layer of a [[protocol stack|TCP/IP stack]]<ref>{{cite book|title=The Weakest Security Link Series|edition=1st|url=https://books.google.com/books?id=Yz34zXV7VB8C&q=application+layer+firewall&pg=PA54|author=Luis F. Medina|year=2003|page=54|isbn=978-0-595-26494-0|publisher=IUniverse}}</ref> and can understand certain applications and protocols such as [[File Transfer Protocol]] (FTP), [[Domain Name System]] (DNS), or [[Hypertext Transfer Protocol]] (HTTP). This allows them to identify unwanted applications or services using a non-standard port, or to detect whether an allowed protocol is being abused.<ref>{{Cite web|title=What is Layer 7? How Layer 7 of the Internet Works|url=https://www.cloudflare.com/learning/ddos/what-is-layer-7/|access-date=Aug 29, 2020|website=Cloudflare}}</ref>

Modern versions of network-based application firewalls can include the following technologies:
*[[TLS acceleration|Encryption offloading]]
*[[Intrusion prevention system]]
*[[Data loss prevention]]

Web application firewalls (WAF) are a specialized version of a network-based appliance that acts as a [[reverse proxy]], inspecting traffic before it is forwarded to an associated server.

=== Host-based application firewalls ===
A host-based application firewall monitors application [[System call|system calls]] or other general system communication. This gives more granularity and control, but is limited to protecting only the host it is running on. Control is applied by filtering on a per-process basis.

Generally, prompts are used to define rules for processes that have not yet received a connection. Further filtering can be done by examining the process ID of the owner of the data packets. Many host-based application firewalls are combined or used in conjunction with a packet filter.<ref name="Symantec">{{cite web|url=https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=54428548-10f1-4643-92d9-487740e72db7&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments|title=Software Firewalls: Made of Straw? Part 1 of 2|website=Symantec.com|publisher=Symantec Connect Community|date=2010-06-29|access-date=2013-09-05}}</ref> Due to technological limitations, modern solutions such as [[sandbox (computer security)|sandboxing]] are being used as a replacement for host-based application firewalls to protect system processes.<ref>{{Cite web|title=What is sandbox (software testing and security)? - Definition from WhatIs.com|url=https://searchsecurity.techtarget.com/definition/sandbox|access-date=2020-11-15|website=SearchSecurity|language=en}}</ref>
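The port-independent protocol identification described under ''Network-based application firewalls'' above, shown as an added illustration that is not part of the article and not any product's code: the classifier reads the first bytes of a stream to decide what protocol it carries, then compares that with the destination port and a simple policy. The signatures, port table and sample connections are simplified and constructed for the example.

```python
"""Added illustration (not from the article): a toy application-layer
classifier that identifies the protocol from the payload rather than the
destination port, then applies a policy, as a network-based application
firewall does. Signatures are simplified for clarity."""

# What a plain packet filter would assume about these destination ports.
EXPECTED_BY_PORT = {80: "http", 443: "tls", 22: "ssh"}

HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")


def identify_protocol(payload: bytes) -> str:
    """Classify the first bytes of a TCP stream by application-layer signature."""
    method = payload.split(b" ", 1)[0]
    if method in HTTP_METHODS and b" HTTP/" in payload:
        return "http"
    # TLS record header: content type 0x16 (handshake), legacy version 0x03 0x0x
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


def evaluate_connection(dst_port: int, payload: bytes,
                        allowed=("http", "tls"),
                        http_methods=(b"GET", b"HEAD", b"POST")) -> str:
    """Verdict: 'allow', 'flag' (allowed protocol on an unexpected port or used
    in a way the policy forbids) or 'block' (protocol not permitted at all)."""
    proto = identify_protocol(payload)
    if proto not in allowed:
        return f"block: {proto} not permitted"
    expected = EXPECTED_BY_PORT.get(dst_port)
    if expected is None:
        return f"flag: {proto} on non-standard port {dst_port}"
    if proto != expected:
        return f"flag: {proto} on port {dst_port} (expected {expected})"
    if proto == "http":
        method = payload.split(b" ", 1)[0]
        if method not in http_methods:
            return f"flag: http method {method.decode()} not permitted by policy"
    return f"allow: {proto} on port {dst_port}"


# Constructed sample connections (not captured traffic).
SAMPLES = [
    (80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8081, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, b"POST /api HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (443, bytes.fromhex("160301") + b"\x00\x05\x01\x00\x00\x01\x00"),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (80, b"CONNECT example.test:443 HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, evaluate_connection(port, data))
```

A port-only filter would pass every one of these samples on ports 80 and 443; only the payload-based check separates the expected case from HTTP on a non-standard port, SSH tunnelled over port 80, or a tunnelling method the policy does not allow.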