Page 810 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

cases, having a multilevel firewall provides greater control over filtering traffic. Regardless, we'll cover the various firewall types and discuss firewall deployment architectures as well:

Static Packet-Filtering Firewalls A static packet-filtering firewall filters traffic by examining the fields of each packet's headers in isolation. Usually, the rules are concerned with source address, destination address, protocol, and port numbers (the port numbers come from the Transport-layer header, even though the firewall is classified as a layer 3 device). Using static filtering, a firewall is unable to provide user authentication or to tell whether a packet originated from inside or outside the private network, and it is easily fooled with spoofed packets, because it trusts whatever source address the sender wrote into the header. Static packet-filtering firewalls are known as first-generation firewalls; they operate at layer 3 (the Network layer) of the OSI model. They can also be called screening routers.
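As an added example (not the study guide's own code), the following Python implements a first-match static packet filter over the header fields described above, using a constructed rule set, addresses and packets. It shows the spoofing weakness directly: a packet forged with an internal source address passes a rule set that trusts the internal network. It also shows the usual compensating control, an interface-aware ingress anti-spoofing check, which is an addition on top of classic static filtering rather than part of it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a static filter can see, plus the arrival interface."""
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    iface: str      # "outside" or "inside": where the packet arrived (constructed attribute)


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR network
    dst: str              # CIDR network
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def static_filter(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First-match evaluation: header fields only, no state and no notion of direction."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


def filter_with_antispoof(rules: List[Rule], p: Packet, internal_net: str,
                          default: str = "deny") -> str:
    """Same rule set with an ingress anti-spoofing check bolted on: a packet claiming
    an internal source address cannot legitimately arrive on the outside interface."""
    if p.iface == "outside" and ip_address(p.src) in ip_network(internal_net):
        return "deny"
    return static_filter(rules, p, default)


# Constructed rule set for an imaginary 10.0.0.0/8 private network
INTERNAL_NET = "10.0.0.0/8"
RULES = [
    Rule("allow", INTERNAL_NET, "0.0.0.0/0", "any", None),   # anything from inside may go anywhere
    Rule("allow", "0.0.0.0/0", "10.0.0.10/32", "tcp", 443),  # inbound HTTPS to the web server only
]

# Constructed packets, all arriving on the outside interface
LEGIT_HTTPS = Packet("203.0.113.7", "10.0.0.10", "tcp", 443, "outside")
BLOCKED_SSH = Packet("203.0.113.7", "10.0.0.20", "tcp", 22, "outside")
SPOOFED_SSH = Packet("10.0.0.55", "10.0.0.20", "tcp", 22, "outside")  # forged internal source

if __name__ == "__main__":
    for name, p in [("legit https", LEGIT_HTTPS), ("blocked ssh", BLOCKED_SSH),
                    ("spoofed ssh", SPOOFED_SSH)]:
        print(f"{name:12s} static={static_filter(RULES, p):5s} "
              f"antispoof={filter_with_antispoof(RULES, p, INTERNAL_NET)}")
```

The first rule is what a screening router cannot enforce safely on its own: "from 10.0.0.0/8" is only meaningful if the device also knows which interface the packet came in on, which is exactly the information static filtering as defined above does not use.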

Application-Level Gateway Firewalls An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that terminates a connection from one network and opens a corresponding connection into another, copying the data between them; in the process it also replaces the source and destination addresses, which hides the identity of hosts on the internal or private network. An application-level gateway firewall filters traffic based on the internet service (in other words, the application) used to transmit or receive the data, so it can understand and judge the content of that protocol rather than only the addresses carrying it. Each type of application must have its own unique proxy server. Thus, an application-level gateway firewall comprises numerous individual proxy servers. This type of firewall negatively affects network performance because each packet must be examined and processed up to the Application layer as it passes through the firewall. Application-level gateways are known as second-generation firewalls, and they operate at the Application layer (layer 7) of the OSI model.

Circuit-Level Gateway Firewalls Circuit-level gateway firewalls are used to establish communication sessions between trusted partners. They operate at the Session layer (layer 5) of the OSI model.

SOCKS (from Socket Secure, as in TCP/IP ports) is a common implementation of a circuit-level gateway firewall. Circuit-level gateway firewalls, also known as circuit proxies, manage communications based on the circuit, not the content of traffic. They make permit or deny forwarding decisions based solely on the endpoint designations of the communication circuit (in other words, the source and destination addresses and service port numbers). Circuit-level