Cryptography Reference
Lastly, these gateways can be used for caching (as described in Footnote
8.14), and may be employed for user authentication.
Application gateways have some disadvantages; for example, the local
network cannot run a network server on the firewall server.
Also, if a new protocol has to pass through the gateway, a new proxy has to
be implemented, which causes inefficiencies. Moreover, the complication of
the process further reduces efficiency, since modifications to configurations
often have to be made.
Diagram 8.27 Application Level Gateway/Firewall
[Diagram labels: Application Gateway; Proxy (two); Client; Server; Application Protocol Analysis; Internet; Local Network]
4. Circuit-Level Gateway: These firewalls are very fast, but have limited
security checks. They are a type of proxy server where a virtual “circuit”
is established between the local network and the proxy server, which
receives requests, via the circuit, from Alice in the local network; and after
changing the IP address, delivers data to the Internet host. Any user
outside the local network sees only the IP address of the proxy server, and
when it receives a response, it is relayed back through the circuit to Alice.
The security checks are restricted to the firewall's checking of permissions
for Alice to send her message to the Internet, based on local security
policy, and whether the target Internet host has permission to receive
Alice's data. If a connection is established, no further checks are done.
Hence, circuit-level gateways are best used when Alice is a trusted local
network user.
These gateways relay TCP connections, such as TELNET, wherein
once the connection is established, the firewall forwards data without restriction.
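The following in-memory model is an added example, not code from the original text. It shows the circuit-level behaviour described above: policy is checked once when the circuit is opened, the source address is rewritten to the gateway's, and payloads are then forwarded without inspection. The class name, method names, port numbering and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class CircuitGateway:
    gateway_ip: str            # the only address outside hosts ever see
    local_senders: list        # networks whose users may send to the Internet
    permitted_targets: list    # (network, port) pairs allowed to receive data
    circuits: dict = field(default_factory=dict)  # gateway port -> (client, target)
    next_port: int = 40000

    def _allowed(self, client_ip, target_ip, target_port):
        src = ipaddress.ip_address(client_ip)
        dst = ipaddress.ip_address(target_ip)
        sender_ok = any(src in ipaddress.ip_network(n) for n in self.local_senders)
        target_ok = any(dst in ipaddress.ip_network(n) and target_port == p
                        for n, p in self.permitted_targets)
        return sender_ok and target_ok

    def open_circuit(self, client, target):
        """The only security check: evaluated once, at connection setup."""
        if not self._allowed(client[0], target[0], target[1]):
            raise PermissionError(f"circuit {client} -> {target} denied by policy")
        port, self.next_port = self.next_port, self.next_port + 1
        self.circuits[port] = (client, target)
        return port

    def outbound(self, port, payload):
        """Client -> Internet: source address rewritten, payload not inspected."""
        _client, target = self.circuits[port]
        return {"src": (self.gateway_ip, port), "dst": target, "data": payload}

    def inbound(self, port, peer, payload):
        """Internet -> client: relayed only if it belongs to an open circuit."""
        client, target = self.circuits.get(port, (None, None))
        if client is None or peer != target:
            raise PermissionError("no established circuit for this peer")
        return {"dst": client, "data": payload}

if __name__ == "__main__":
    # Constructed policy and addresses (documentation ranges), TELNET on port 23.
    gw = CircuitGateway("203.0.113.1", ["10.0.0.0/24"], [("198.51.100.0/24", 23)])
    alice, host = ("10.0.0.5", 51000), ("198.51.100.7", 23)
    port = gw.open_circuit(alice, host)
    print(gw.outbound(port, b"any bytes at all; nobody looks"))
    print(gw.inbound(port, host, b"login: "))
```

Because `outbound` never examines `payload`, anything Alice sends after setup reaches the target, which is why the text recommends this design only for trusted local users.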