34,333
edits
Changes
→Proxy Service Firewalls
== Proxy Service Firewalls ==
A proxy service firewall is placed between the internet and an internal network of computers and acts as a go-between for the two environments. With a proxy service in place, internal client computers do not connect directly to outside resources. Instead they connect to the proxy server which in turn connects with the external resource on behalf of the client, thereby masking the internal IP address of the client. Any response from the external resource is handled by the proxy service and passes them along to the client that originally requested the data.
Under such a scenario no internal system are ever in direct contact with a remote server or service and all internal IP addresses are masked by the proxy server. Proxy servers can also provide caching functions, where web pages which are frequently accessed by internal clients are stored by the server such that they can quickly be supplied when requested by the client leading to faster response times. Proxy service firewalls are available in two basic forms, ''Circuit-level gateway'' which works at the Session layer of the OSI model to verify that all sessions are legitimate and ''Application level-gateway'' which works at the OSI Application layer to control traffic of particular types (such as HTTP, FTP and SNMP).
== Stateful Inspection Firewalls ==
Stateful-inspection firewalls (also known as dynamic packet filtering firewalls) operate at the OSI Network layer and combine some features of both packet-filtering and proxy server firewalls. A stateful-inspection firewalls not only examines the header information of packets, but also monitors sessions to ensure that they are legitimate and maintains state tables for each connections. Using these state tables, every packet received by the firewall can be viewed within the context of preceding traffic, allowing malicious data to be intercepted and blocked.
== Routers ==