Page 1230 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
traffic using TCP ports 80 and 443, respectively. (Chapter 11 covers logical ports in more depth.)
ICMP uses a protocol number of 1, so a firewall can allow ping traffic by allowing traffic with a protocol number of 1. Similarly, a firewall can allow IPsec Encapsulating Security Protocol (ESP) traffic and IPsec Authentication Header (AH) traffic by allowing protocol numbers 50 and 51, respectively.
The Internet Assigned Numbers Authority (IANA) maintains a list of well-known ports matched to protocols. IANA also maintains lists of assigned protocol numbers for IPv4 and IPv6.
Second-generation firewalls add additional filtering capabilities. For example, an application-level gateway firewall filters traffic based on specific application requirements, and circuit-level gateway firewalls filter traffic based on the communications circuit. Third-generation firewalls (also called stateful inspection firewalls and dynamic packet filtering firewalls) filter traffic based on its state within a stream of traffic.
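To make the difference between a first-generation packet filter and a third-generation stateful filter concrete, here is an added example (it is not code from the study guide). It parses the fields a filter looks at from a raw IPv4 header, applies a stateless ruleset keyed on the protocol numbers and ports named above (1 for ICMP, 50 for ESP, 51 for AH, TCP 80 and 443), and then adds a connection table so that inbound TCP segments are admitted only when they belong to a connection an inside host initiated. The packets, addresses, ports and the `10.0.0.` inside prefix are constructed sample values.

```python
"""Added example: stateless vs. stateful packet filtering on constructed IPv4 packets."""
import struct
from dataclasses import dataclass

# IANA-assigned protocol numbers referenced in the text
PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int = 0      # 0 for protocols without ports (ICMP, ESP, AH)
    dport: int = 0
    syn: bool = False
    ack: bool = False


def parse_ipv4(raw: bytes) -> Packet:
    """Extract the fields a packet filter inspects from an IPv4 header (+ TCP/UDP header)."""
    ihl = (raw[0] & 0x0F) * 4                 # header length in bytes
    proto = raw[9]                            # IP protocol number field
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    sport = dport = 0
    syn = ack = False
    if proto in (PROTO_TCP, PROTO_UDP):
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
        if proto == PROTO_TCP:
            flags = raw[ihl + 13]             # TCP flags byte
            syn, ack = bool(flags & 0x02), bool(flags & 0x10)
    return Packet(src, dst, proto, sport, dport, syn, ack)


# Stateless ruleset: (protocol number, destination port or None for "any port")
STATELESS_RULES = [
    (PROTO_ICMP, None),   # ping, allowed purely by protocol number 1
    (PROTO_ESP, None),    # IPsec ESP, protocol number 50
    (PROTO_AH, None),     # IPsec AH, protocol number 51
    (PROTO_TCP, 80),      # HTTP
    (PROTO_TCP, 443),     # HTTPS
]


def stateless_allow(pkt: Packet) -> bool:
    """First-generation filter: decide on this packet's header fields alone."""
    return any(pkt.proto == proto and (port is None or pkt.dport == port)
               for proto, port in STATELESS_RULES)


class StatefulFirewall:
    """Third-generation filter: admit inbound TCP only for connections opened from inside."""

    def __init__(self, inside_prefix: str):
        self.inside_prefix = inside_prefix    # assumed inside network, e.g. "10.0.0."
        self.table = set()                    # (inside_ip, inside_port, outside_ip, outside_port)

    def is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def allow(self, pkt: Packet) -> bool:
        if pkt.proto != PROTO_TCP:
            return stateless_allow(pkt)       # port-less protocols fall back to static rules
        if self.is_inside(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.syn and not pkt.ack:       # new outbound connection: check policy, record state
                if stateless_allow(pkt):
                    self.table.add(key)
                    return True
                return False
            return key in self.table          # later outbound segments must match recorded state
        # Inbound: only the reply direction of a recorded connection is admitted
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table


def build_ipv4(src: str, dst: str, proto: int, sport: int = 0, dport: int = 0, flags: int = 0) -> bytes:
    """Construct a minimal IPv4 header plus TCP/UDP header (sample data, checksums left zero)."""
    hdr = bytearray(20)
    hdr[0] = 0x45                             # version 4, IHL 5 (20-byte header)
    hdr[9] = proto
    hdr[12:16] = bytes(int(o) for o in src.split("."))
    hdr[16:20] = bytes(int(o) for o in dst.split("."))
    if proto == PROTO_TCP:
        l4 = struct.pack("!HHIIBB", sport, dport, 0, 0, 0x50, flags) + b"\x00" * 6
    elif proto == PROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:
        l4 = b""
    return bytes(hdr) + l4


def demo() -> dict:
    """Run constructed packets through both filters and return each decision."""
    inside, outside = "10.0.0.5", "203.0.113.10"
    fw = StatefulFirewall("10.0.0.")
    out_syn = parse_ipv4(build_ipv4(inside, outside, PROTO_TCP, 51000, 443, 0x02))    # SYN
    in_synack = parse_ipv4(build_ipv4(outside, inside, PROTO_TCP, 443, 51000, 0x12))  # SYN|ACK reply
    unsolicited = parse_ipv4(build_ipv4(outside, inside, PROTO_TCP, 443, 52000, 0x12))
    telnet_out = parse_ipv4(build_ipv4(inside, outside, PROTO_TCP, 51001, 23, 0x02))
    ping = parse_ipv4(build_ipv4(outside, inside, PROTO_ICMP))
    esp = parse_ipv4(build_ipv4(outside, inside, PROTO_ESP))
    result = {"stateless_synack": stateless_allow(in_synack)}  # static rules cannot recognise a reply
    result["stateful_syn"] = fw.allow(out_syn)
    result["stateful_synack"] = fw.allow(in_synack)
    result["stateful_unsolicited"] = fw.allow(unsolicited)
    result["stateful_telnet"] = fw.allow(telnet_out)
    result["ping"] = fw.allow(ping)
    result["esp"] = fw.allow(esp)
    return result


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} {'ALLOW' if decision else 'DROP'}")
```

The stateless filter drops the SYN/ACK reply to the inside host's own HTTPS request because nothing in that single packet's header matches a rule; a first-generation firewall can only fix that with a broad inbound allow rule. The stateful filter admits the reply because it recorded the outbound SYN, while still dropping an unsolicited inbound SYN/ACK to a port that never opened a connection.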
A next-generation firewall functions as a unified threat management (UTM) device and combines several filtering capabilities. It includes traditional firewall functions such as packet filtering and stateful inspection. It can also apply packet inspection techniques that allow it to identify and block malicious traffic. It can filter malware using definition files and/or whitelists and blacklists, and it also includes intrusion detection and/or intrusion prevention capabilities.
Sandboxing
Sandboxing provides a security boundary for applications and prevents the application from interacting with other applications. Anti-malware applications use sandboxing techniques to test unknown applications. If the application displays suspicious characteristics, the