
03 October 2005

Deep Inspection

Deep Inspection is the name of a technology created by NetScreen (since acquired by Juniper) to let firewalls look into the application layer instead of being limited to the Layer-3 and Layer-4 fields: IP addresses, protocol, and ports. The problem with traditional firewalls was that they could do nothing beyond blocking traffic based on the source and destination addresses and the service used, such as HTTP, mail, or Telnet.

Some applications, like FTP and some real-time voice protocols, use two streams, one for control and the other for data, and the data stream is created dynamically based on information passed in the control stream. Traditional firewalls could not handle such traffic because they were not able to parse the control stream and open the required ports for the data stream. One more problem was applications like Kazaa, ICQ, MSN, and Shareaza that use the same ports as other applications, e.g. HTTP and DNS. Firewalls were therefore required to look into the application layer in order to differentiate between these applications and take action based on that. That is why Deep Inspection (DI) and Application Layer Gateway (ALG) technologies were created.

One of the main advantages of Deep Inspection on NetScreen firewalls is that you can add signatures and take an action, dropping the packet or closing the connection, when the traffic matches them. This lets the firewall inherit some Intrusion Detection capabilities and adds an extra layer of security to your network perimeter.
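To make the two ideas above concrete, here is an added example in Python; it is not code from this post and not NetScreen or Juniper code, and the function names, signatures, addresses and sample payloads are all constructed for illustration. The first part plays the role of an FTP ALG: it parses the control channel (`PORT` for active mode, the `227` reply for passive mode, RFC 959 encoding) and derives the single data connection the firewall should pin open, refusing any announcement that names a third-party address. The second part plays the role of Deep Inspection: it classifies a flow by the first bytes of its payload rather than by its destination port, so that a non-HTTP protocol arriving on TCP/80 can be dropped or have its connection closed, while a genuine HTTP request is allowed.

```python
"""Toy FTP ALG and Deep Inspection signature matcher (added example, not
the post's or NetScreen's code; all values below are constructed)."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# ---------- 1. FTP ALG: learn the dynamic data connection from the control stream ----------

# Active mode: client sends   'PORT h1,h2,h3,h4,p1,p2'  and the server connects back to it.
# Passive mode: server replies '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.
_PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def ftp_data_endpoint(control_line: str) -> Optional[Tuple[str, str, int]]:
    """Return (mode, ip, port) announced by an FTP control line, or None if the
    line does not open a data channel or is malformed. Port is p1*256 + p2."""
    m = _PORT_RE.match(control_line)
    mode = "active"
    if not m:
        m = _PASV_RE.match(control_line)
        mode = "passive"
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if not all(0 <= v <= 255 for v in fields):
        return None  # out-of-range octet or port byte: open nothing
    h1, h2, h3, h4, p1, p2 = fields
    return (mode, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)


def alg_pinhole(control_line: str, client_ip: str, server_ip: str) -> Optional[Dict[str, object]]:
    """Describe the one data connection the firewall should permit for this
    control line, or None. The announced address must be the peer that is
    expected to listen (client in active mode, server in passive mode); an
    announcement naming any other host is refused."""
    ep = ftp_data_endpoint(control_line)
    if ep is None:
        return None
    mode, ip, port = ep
    if mode == "active":
        if ip != client_ip:
            return None
        return {"src": server_ip, "dst": client_ip, "dport": port}
    if ip != server_ip:
        return None
    return {"src": client_ip, "dst": server_ip, "dport": port}


# ---------- 2. Deep Inspection: decide on payload, not on port number ----------

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # matched against the first bytes of the flow
    action: str      # "allow", "drop" or "close"


# Constructed, illustrative signatures; a real DI database is far larger.
SIGNATURES = (
    Signature("http-request", rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", "allow"),
    Signature("ssh-banner", rb"^SSH-2\.0-", "close"),
    Signature("bittorrent-handshake", rb"^\x13BitTorrent protocol", "drop"),
)


def inspect_flow(payload: bytes) -> Tuple[str, str]:
    """Return (verdict, reason) for the first bytes of a TCP flow. A Layer-3/4
    firewall that allowed TCP/80 would pass all three sample payloads below;
    here the first matching signature decides, and unmatched data is allowed."""
    for sig in SIGNATURES:
        if re.match(sig.pattern, payload, re.DOTALL):
            return (sig.action, sig.name)
    return ("allow", "no-signature")


if __name__ == "__main__":
    # Constructed sample control lines and payloads.
    print(alg_pinhole("PORT 192,168,1,10,4,1", "192.168.1.10", "10.0.0.5"))
    print(alg_pinhole("227 Entering Passive Mode (10,0,0,5,19,137)", "192.168.1.10", "10.0.0.5"))
    print(inspect_flow(b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"))
    print(inspect_flow(b"SSH-2.0-OpenSSH_4.2\r\n"))
    print(inspect_flow(b"\x13BitTorrent protocol" + b"\x00" * 8))
```

The pinhole is deliberately a single 5-tuple derived from one control line rather than a port range: that is the whole point of an ALG over a static "open ports 1024-65535" rule, and the address check is what keeps a parsed control stream from being used to open holes toward hosts that were not party to the session.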
