Session layer firewalls are also commonly known as circuit level gateways or circuit level firewalls. They operate at the session layer of the OSI reference model and use NAT to protect internal systems from outside attackers.
The protection provided by this kind of firewall is basic and is based on source/destination IP addresses and port numbers. Session layer firewalls are not able to detect higher-level attacks or breach attempts that occur at the application layer.
This means that users on either the outside or the inside could get through a session layer firewall by running standard applications on non-standard ports. For example, if someone wants to connect to a telnet server across the firewall, they could do so by changing the port to 80. The firewall would not be able to pick up on that: because the traffic looks like standard port 80 web traffic, it would be allowed.
In effect, session-based firewalls are nothing more than access lists similar to those found in routers, and they are easy to bypass.
Application-layer firewalls, on the other hand, can act as a proxy in either or both directions, and so can protect the sources from the users and the users from the sources.
Application-layer firewalls therefore mediate the traffic between the source and the destination, which gives a much better view of the traffic passing through the firewall.
Application-layer firewalls can also be used to publish the server on the LAN to make it internet facing and provide the optimum level of security that it deserves. Users on the internet will be visiting the published port on the firewall where the traffic will be scanned and then passed on to the server.
Application-layer firewalls can be made more effective by building more stringent security functions into them and by giving them the ability to inspect more deeply the packets that travel across them. This gives administrators far more visibility of the traffic passing across the firewall and lets them refine the rules as new requirements arise.
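To make the difference between the two filtering models concrete, here is a small added example (written for this page; it is not code from the original answer or from any firewall product). It models the port-only decision of a circuit-level gateway beside a payload-aware decision of the kind an application-layer proxy makes, and runs both over constructed sample connections: a normal HTTP request on port 80, telnet option-negotiation bytes sent to port 80, and an SSH banner on port 22. The ruleset, the protected server address (an RFC 5737 documentation address) and the packet contents are all assumptions made for the demo.

```python
# Added example (not from the original page): why a port-based (circuit-level)
# filter and a payload-aware (application-level) filter reach different
# verdicts on the same traffic. All addresses, rules and payloads below are
# constructed for the demonstration.
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes  # first bytes of the TCP stream, as a proxy would see them


# Circuit-level policy (constructed): only address and port are consulted.
ALLOWED_PORTS = {80, 443}
PROTECTED_SERVER = "192.0.2.10"  # RFC 5737 documentation address, assumed


def circuit_level_allow(pkt: Packet) -> bool:
    """Allow purely on destination address and port, as a circuit-level gateway would."""
    return pkt.dst_ip == PROTECTED_SERVER and pkt.dst_port in ALLOWED_PORTS


HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}


def looks_like_http_request(payload: bytes) -> bool:
    """Validate an HTTP request line: METHOD SP request-target SP HTTP/x.y CRLF."""
    line, sep, _rest = payload.partition(b"\r\n")
    if not sep:  # no complete request line at all
        return False
    parts = line.split(b" ")
    if len(parts) != 3:
        return False
    method, target, version = parts
    return (method in HTTP_METHODS
            and target.startswith(b"/")
            and version in (b"HTTP/1.0", b"HTTP/1.1"))


def application_level_allow(pkt: Packet) -> bool:
    """Port policy plus a payload check: port 80 must carry a well-formed HTTP request."""
    if not circuit_level_allow(pkt):
        return False
    if pkt.dst_port == 80:
        return looks_like_http_request(pkt.payload)
    # Port 443 would need a TLS handshake check of its own; not modelled here.
    return True


def verdicts(pkt: Packet) -> tuple[bool, bool]:
    """Return (circuit-level verdict, application-level verdict) for one packet."""
    return circuit_level_allow(pkt), application_level_allow(pkt)


# Constructed sample traffic from one outside client to the protected server.
SAMPLES = {
    "http_on_80": Packet("198.51.100.7", PROTECTED_SERVER, 80,
                         b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    # Telnet option negotiation (IAC WILL TERMINAL-TYPE) aimed at port 80.
    "telnet_on_80": Packet("198.51.100.7", PROTECTED_SERVER, 80,
                           b"\xff\xfb\x18"),
    "ssh_on_22": Packet("198.51.100.7", PROTECTED_SERVER, 22,
                        b"SSH-2.0-OpenSSH_9.0\r\n"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        circuit, app = verdicts(pkt)
        print(f"{name:13s} circuit-level={'allow' if circuit else 'deny':5s} "
              f"application-level={'allow' if app else 'deny'}")
```

Running the block prints one line per sample: the HTTP request is allowed by both filters, the SSH banner is refused by both because port 22 is not in the ruleset, and the telnet bytes on port 80 are accepted by the circuit-level check but refused by the application-level check, which is exactly the gap the text describes. A real proxy would go further (buffering the full request, validating headers, enforcing the TLS handshake on 443), but the request-line check already shows where the extra visibility comes from.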