Our DSL uses security assertions to express properties that packets must have to be allowed through the network (e.g., “IMAP packet contains no executable attachment” or “SQL reply contains only explicitly permitted columns”), along with remedies that either reject or rewrite undesirable packets. We present the first declarative language for application-level network filtering, developed at Advenica AB. Existing application-level filters express their filtering rules in general-purpose languages, which limits the correctness guarantees available for them.

With the comprehensive traffic analysis through the application level gateway, genugate offers a significantly higher level of security than so-called next generation firewalls, which usually function with deep packet inspection or pattern matching and check only a random sample of the data contents.

Application-level packet filtering is a technique for network access control in which an “application-level gateway” intercepts network packets at the application level (e.g., HTTP, FTP), scans them for security concerns and optionally logs, rewrites or discards them.

The application level gateway can also secure cloud usage by, e.g., only allowing uploads to external services if the data is encrypted. Only then is the data passed on via a new connection. Filtering is now performed and, depending on the configuration, undesired and dangerous data such as active content, viruses or even spam are reliably blocked. Many risks, such as through the extended headers with IPv6, are thereby excluded.

After the connection is terminated, the packets are assembled like a puzzle, since a content check is only possible using complete data sets. The gain in security through this feature: attacks are not possible on the network level. To this end, the incoming data packets are first stopped – the application level gateway does not permit a direct connection between the Internet and the local network.
This sophisticated security system checks the content of the entire data stream.

Application Level Gateway Screens Data Content

At the heart of the genugate solution is the application level gateway.