566 Chapter 15: Network Security Technologies
Figure 15-8 Application Proxy
Proxy-type firewalls have a number of benefits:
· Good auditing capabilities--Application proxies typically have programs for auditing user transactions that are superior to those of regular types of firewalls. As soon as users are logged into an account, their transactions to the Internet can be monitored and logged.
· Permissions--You can control users by placing access permissions on their accounts. Filtering by permissions is a way to restrict what Web sites internal users can access on the Internet.
· Application layer filtering of data--Packet-filter routers and other types of firewalls usually do not look into a packet higher than Layer 4. Application proxies can look into the layers all the way up to Layer 7.
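The three benefits above can be seen together in a minimal Layer 7 decision routine. This is an added example, not code from the book: it parses an HTTP proxy request, applies a per-account permission check, and writes one audit record per transaction. It assumes the proxy has already verified the user's password; the `PERMISSIONS` table, the `sample_request` helper, the host names and the client address 10.1.1.20 are constructed for illustration.

```python
import base64
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Hypothetical per-account permissions (constructed data): hosts each user may reach.
PERMISSIONS = {"alice": {"www.example.com", "docs.example.org"},
               "bob": {"www.example.com"}}

def parse_request(raw: bytes):
    """Extract (user, method, host, path) from a raw HTTP proxy request."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    user = None
    scheme, _, cred = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() == "basic" and cred:
        try:
            user = base64.b64decode(cred, validate=True).decode().partition(":")[0]
        except ValueError:  # bad base64 or bad UTF-8: treat as unauthenticated
            user = None
    url = urlsplit(target)
    host = (url.hostname or headers.get("host", "").split(":")[0]).lower()
    return user, method, host, url.path or "/"

def decide(raw: bytes, src_ip: str, audit_log: list) -> bool:
    """Apply the per-user permission check and append one audit record."""
    try:
        user, method, host, path = parse_request(raw)
    except ValueError:
        user = method = host = path = None  # unparseable requests are denied
    allowed = user in PERMISSIONS and host in PERMISSIONS[user]
    audit_log.append({"time": datetime.now(timezone.utc).isoformat(),
                      "src_ip": src_ip, "user": user, "method": method,
                      "host": host, "path": path,
                      "action": "allow" if allowed else "deny"})
    return allowed

def sample_request(user: str, url: str) -> bytes:
    """Build a constructed proxy request; the password 'x' is a placeholder."""
    cred = base64.b64encode(f"{user}:x".encode()).decode()
    return (f"GET {url} HTTP/1.1\r\nHost: {urlsplit(url).hostname}\r\n"
            f"Proxy-Authorization: Basic {cred}\r\n\r\n").encode()

if __name__ == "__main__":
    log = []
    for who in ("alice", "bob"):  # same source IP and destination, different account
        decide(sample_request(who, "http://docs.example.org/guide"), "10.1.1.20", log)
    for record in log:
        print(record)
```

Both sample requests come from the same client address and go to the same destination, so a filter that stops at Layer 4 would treat them identically; only the account and host read from the application data separate the allowed request from the denied one.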
Proxy-type firewalls also have disadvantages:
· Low throughput and high latency--This occurs because the application proxy must go further into the packet than the other types of firewalls. The application proxy looks into the upper layers--specifically, Layers 5 through 7. A rule of thumb is that the higher the layer, the more time it takes to filter.
· It's difficult to add new services--Adding new services might require software patches to be added to some of the currently installed software programs. Another possibility is that the system might have to be taken offline, creating an inconvenience for users.
[Figure 15-8 diagram labels: Internet; Perimeter router; Network 192.168.1.0; Application proxy with two network interface cards (No IP routing, static routes); Network 10.1.1.0; Clients]
87200333.book Page 566 Wednesday, August 22, 2001 1:41 PM