BradReese.Com Instant Quotes

Home About Repair Power Supplies Refurbished Blog Quick Links Site Map Contact Us

 
Brad Reese speaks out
Archive
  Help

Aironet

Power Supplies

VoIP Gateways

Cisco Repair

Refurbished Cisco

Cisco CPQRGs

New Cisco

New HP ProCurve

Cisco Tools

Competitive Lab Tests

Tech Forums

How-to Tutorials

CCIE Gossip

Blogroll

 
View archive of Brad Reese speaks out

Subscribe to Brad Reese speaks out

Download for FREE - Enterprise Application Firewalls for Dummies
Tue, 1/11/11 - 5:44am    View comments

I couldn't help myself, I just had to "rename" the book below that's now available for immediate FREE download:

Download for FREE - Next-Generation Firewalls for Dummies

The wide variety of higher-order applications riding on top of HTTP and HTTPS, whether or not they actually serve a legitimate business purpose, are practically indistinguishable for older network security solutions and the most commonly found applications that can port-hop are a combination of business and personal use applications (as shown below). Of these, only three are browser-based (Sharepoint, Mediafire, and Ooyla); the others are peer-to-peer or client-server.

Most Frequently Detected Applications that can Hop Ports

Traditional "port-based" firewalls have basically gone blind. Besides being unable to account for common evasion techniques such as port hopping, protocol tunneling, and the use of nonstandard ports, these firewalls simply lack the visibility and intelligence to discern which network traffic:

  • Corresponds to applications that serve a legitimate business purpose.
  • Corresponds to applications that can serve a legitimate business purpose but, in a given instance, are being used for unsanctioned activities.
  • Should be blocked because it includes malware or other types of threats, even though it corresponds to legitimate business activities.
Port-based firewalls can't see or control applications

Port-based firewalls canít see or control applications

Establishing port and protocol is an important first step in application identification but, by itself, is insufficient. Robust application identification and inspection enables granular control of the flow of sessions through a firewall based on the specific applications that are being used, instead of just relying on the underlying set of often indistinguishable network communication services as shown below.

Application-centric traffic classification identifies specific applications flowing across the network, irrespective of the port and protocol in use

Application-centric traffic classification identifies specific applications flowing across the network, irrespective of the port and protocol in use

Application identification techniques used in NGFWs (next-generation firewalls):

  • Application protocol detection and decryption - Determines the application protocol (for example, HTTP) and, if SSL is in use, decrypts the traffic so that it can be analyzed further. Traffic is reencrypted after all the identification technologies have had an opportunity to operate.
  • Application protocol decoding - Determines whether the initially detected application protocol is the "real one," or if it is being used as a tunnel to hide the actual application (for example, Yahoo! Instant Messenger might be inside HTTP).
  • Application signatures - Context-based signatures look for unique properties and transaction characteristics to correctly identify the application regardless of the port and protocol being used. This includes the ability to detect specific functions within applications (such as file transfers within IM sessions).
  • Heuristics - For traffic that eludes identification by signature analysis, heuristic (or behavioral) analyses are applied, enabling identification of any troublesome applications, such as P2P or VoIP tools that use proprietary encryption.
NGFW techniques used to identify applications regardless of port, protocol, evasive tactic, or SSL encryption

NGFW techniques used to identify applications regardless of port, protocol, evasive tactic, or SSL encryption

The above is just a taste of what to expect, download the book now for FREE!


What's your take, am I bad for "renaming" this book?

Contact Brad Reese

Subscribe to Brad Reese speaks out

Brad's Favorite Story Picks

  1. Cisco 4G LTE Wireless WAN WICs: EHWIC-4G-LTE-A, EHWIC-4G-LTE-G, EHWIC-4G-LTE-V
  2. A whopping 75% of Cisco's new job creation was in locations outside the United States
  3. HP networking Cisco trade-in program - A Catalyst for Change
  4. WikiLeaks vs. Cisco and it appears Cisco has won!
  5. Cisco's SP edge router market share down -12% since 2005
  6. 14% of Cisco CCIEs appear to be inactive or suspended
  7. HP E5400 zl and HP 8200 zl switches vs. Cisco Catalyst 3750-X and 4500 switches
  8. Cisco's blonde bombshell appointed Monsanto board director
  9. Cisco CEO John Chambers appears to have knowingly lyed to Wall Street
  10. Slide presentation detailing Cisco's strategy for acquiring LineSider
  11. Cisco's 2010 annual meeting of shareholders visual slide presentation
  12. Cisco's management and employees appear to have pocketed $32 billion of Cisco shareholder cash
  13. Cisco's tax scandal growing $1.510 million per day
  14. Cisco earned lowly niche player status in new Gartner magic quadrant report while simultaneously losing market share
  15. Why it's going to get ugly at Cisco
  16. Aruba beats Cisco in WLAN user survey as revenue soars +44%
  17. Aruba Networks Q1'FY11 sales expected to increase +47% Y/Y
  18. According to the stock market, Cisco's issues appear to be Cisco specific
  19. Padmasree Warrior is leading Cisco's sequentially declining security and switch sales
  20. View archive of Brad Reese speaks out
 
blog comments powered by Disqus

Brad Reese music work ambience

Supplement Cisco SMARTnet Contracts

 

©2011 BradReese.Com - Home - About - Repair - Power Supplies - Refurbished - Blog - Quick Links - Site Map - Contact Us