Figure 14-9 Stateful Firewall (Context Aware)
Application-level or proxy firewall: This type of firewall protects network resources by filtering messages at the application layer. In addition to determining which traffic is allowed and which is denied, a proxy firewall uses stateful inspection and deep packet inspection to analyze incoming traffic for signs of attack. The key benefit of application-layer filtering is the ability to block specific content, such as known malware or content from individual websites. A proxy firewall can recognize when particular applications and protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Domain Name System (DNS), are being misused. As the firewall sees incoming packets, it inspects each protocol in the stack, noting the various states. At Layer 7 (the application layer), the firewall looks up the rules and applies them to incoming packets. Based on the system rules, it may perform other functions, such as URL filtering, data modification, logging, and object caching.
Next-generation firewall: Some standard features of next-generation firewall architectures include deep-packet inspection (checking the actual contents of the data packet), TCP handshake checks, and surface-level packet inspection. Next-generation firewalls may include other technologies as well, such as intrusion prevention to stop attacks against a network automatically.
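The following is an added example, not from the textbook or any vendor, that makes the difference between Layer 3/4 filtering and application-layer (proxy-style) filtering concrete. It feeds a handful of constructed packets through two filters: a port-based filter that sees only addresses and ports, and a Layer 7 filter that parses the HTTP request and applies URL filtering by host, path-pattern rules, a content signature check on the body, and a protocol-misuse check (non-HTTP bytes on an HTTP port). The rule lists, host names, the signature marker and the packet samples are all constructed for the example; the HTTP parser is deliberately minimal and is not a production implementation.

```python
"""Added example: Layer 3/4 packet filter versus Layer 7 (proxy-style) filter."""
import re
from dataclasses import dataclass

# Constructed rule set (assumptions for this example, not any vendor's syntax).
BLOCKED_HOSTS = {"malware.example"}                       # URL filtering by host
BLOCKED_PATH_PATTERNS = [re.compile(r"\.\./"),            # path traversal attempts
                         re.compile(r"(?i)\.exe$")]       # executable downloads
CONTENT_SIGNATURES = [b"CONSTRUCTED-MALWARE-MARKER"]       # constructed body signature
HTTP_PORTS = {80, 443}


@dataclass
class Packet:
    """A simplified packet: addresses, destination port and TCP payload."""
    src: str
    dst: str
    dport: int
    payload: bytes


def layer4_filter(pkt: Packet) -> str:
    """Port-based filtering only: it cannot see the URL or the content."""
    return "allow" if pkt.dport in HTTP_PORTS else "deny"


def parse_http_request(payload: bytes):
    """Minimal HTTP request parser. Returns (method, path, headers, body)
    or None when the bytes are not a well-formed HTTP request line."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    method, path, _version = parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return method.decode("latin-1"), path.decode("latin-1"), headers, body


def layer7_filter(pkt: Packet):
    """Application-layer filtering: inspect the HTTP request itself.
    Returns (decision, reason) so the reason can be logged."""
    req = parse_http_request(pkt.payload)
    if req is None:
        return "deny", "payload on HTTP port is not a valid HTTP request"
    _method, path, headers, body = req
    host = headers.get("host", "")
    if host in BLOCKED_HOSTS:
        return "deny", f"blocked host {host}"
    for pattern in BLOCKED_PATH_PATTERNS:
        if pattern.search(path):
            return "deny", f"blocked path pattern {pattern.pattern}"
    for signature in CONTENT_SIGNATURES:
        if signature in body:
            return "deny", "content signature match"
    return "allow", f"valid HTTP request to {host}"


# Constructed sample traffic (addresses from documentation ranges).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "203.0.113.10", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("10.0.0.5", "203.0.113.20", 80,
           b"GET / HTTP/1.1\r\nHost: malware.example\r\n\r\n"),
    Packet("10.0.0.5", "203.0.113.10", 80,
           b"GET /tools/dropper.exe HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("10.0.0.6", "203.0.113.10", 80,
           b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
           b"hello CONSTRUCTED-MALWARE-MARKER"),
    Packet("10.0.0.7", "203.0.113.10", 80, b"SSH-2.0-OpenSSH_9.0\r\n"),
    Packet("10.0.0.8", "203.0.113.10", 23, b"login: "),
]


def run_samples():
    """Evaluate every sample packet with both filters; returns one dict per packet."""
    results = []
    for pkt in SAMPLE_PACKETS:
        l7_decision, reason = layer7_filter(pkt)
        results.append({"flow": f"{pkt.src}->{pkt.dst}:{pkt.dport}",
                        "l4": layer4_filter(pkt), "l7": l7_decision, "reason": reason})
    return results


if __name__ == "__main__":
    for r in run_samples():
        print(f"{r['flow']:<28} L4={r['l4']:<5} L7={r['l7']:<5} {r['reason']}")
```

Only the last packet is stopped by the port-based filter; the four malicious or misused HTTP flows all look like ordinary web traffic to it and are caught only by the application-layer rules, which is exactly the gap the proxy firewall closes.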
Intrusion Detection Systems (IDSs)
An intrusion detection system (IDS), as shown in Figure 14-10, is a passive system that monitors network traffic. The traffic in this case is a copy of the traffic as the network sees it. In a typical network scenario, packets or flows are replicated in hardware and sent to the IDS. The IDS processes the packets and detects malicious signatures. In this case, the IDS cannot detect any