WatchGuard Technologies, Inc.

Application Layer Proxies: Beyond Packet Filtering

WatchGuard® Firebox® X Core (X2500, X1000, X700, and X500) and Firebox® Vclass (V100, V80, V60, and V60L) all use proxies to protect the functions most common to business use of the Internet:

  • They block entire categories of commonly-used attacks
  • They conceal details about your mail servers from the public Internet

This means that intrusion prevention safeguards are built in and ready to begin working for you:

  • Get detailed and comprehensive control of your network security with configurable features and settings that are easily controlled using a simple Windows interface
  • Simplify network management by giving your administrator tools and defaults that can be applied broadly, rather than desktop-by-desktop
  • Reduce your corporate liability by preventing a hacker from using your network as a launch point for further attacks
  • Use your bandwidth more effectively by preventing unwanted or inappropriate content from entering your network

To read more about Application layer proxies, read the Why Proxies Matter white paper.

What Application Layer Proxies Do

To deflect attack attempts, Application layer proxies:

  • Stand between the client and server, examining all aspects of their dialog to verify compliance with the established protocol rules (HTTP, FTP or SMTP rules).
  • Examine the payload of all the packets passing between the server and client, and can modify or strip things that violate security policies.
  • Screen the packet's content, where packet filters only examine packet headers, blocking malicious code such as executable files, Java® applets, ActiveX®, and more.
  • Examine content to ensure it matches protocol standards. For example, some attacks send metacharacters intended to trick the victim machine, and others overwhelm the machine with too much data. Proxies can spot illegal characters or overlong fields and block them.

The WatchGuard Application Layer Proxies

WatchGuard® Firebox® X Core (X2500, X1000, X700, and X500) and Firebox® Vclass (V100, V80, V60, and V60L) models all use proxies to protect the functions most common to business use of the Internet:

SMTP Proxy
HTTP Proxy
FTP Proxy


SMTP Proxy (Simple Mail Transfer Protocol)

Inspects the content of incoming and outgoing e-mail to protect your network from danger.
  • Filters content to deny executable attachments.
  • Filters address patterns for allowed or denied e-mail.
  • Filters out malformed e-mail headers.
  • Recognizes masqueraded domain names and message IDs.
  • Specifies the maximum number of message recipients to alleviate spam.
  • Specifies the maximum message size to thwart mail bombing attacks.
  • Allows specific characters in e-mail addressing.
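
The checks in this list, sketched as an added example (not WatchGuard's code and not part of the original page): a policy filter over a client's SMTP command lines and MIME headers. The limits, patterns, function names and sample input are assumptions chosen for illustration; command lines are assumed to arrive with the trailing CRLF already removed.

```python
import re

# Policy values are assumptions for illustration, not WatchGuard defaults.
MAX_LINE = 512            # overlong command lines are rejected
MAX_RCPTS = 3             # recipient cap per message
MAX_SIZE = 1_000_000      # cap on the declared SIZE= parameter, in bytes
ADDR_OK = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$")  # allowed address characters
BLOCKED_EXT = (".exe", ".scr", ".bat", ".vbs")
FILENAME = re.compile(r'filename="?([^";\r\n]+)', re.I)

def inspect_envelope(lines):
    """Return (verdict, reason) for a client's SMTP command lines."""
    rcpts = 0
    for line in lines:
        if len(line) > MAX_LINE:
            return ("deny", "overlong command line")
        if any(ord(c) < 32 or ord(c) > 126 for c in line):
            return ("deny", "illegal character in command")
        verb, _, rest = line.partition(":")
        verb = verb.strip().upper()
        if verb in ("MAIL FROM", "RCPT TO"):
            m = re.match(r"\s*<([^>]*)>(.*)$", rest)
            null_sender = bool(m) and verb == "MAIL FROM" and m.group(1) == ""
            if not m or not (null_sender or ADDR_OK.match(m.group(1))):
                return ("deny", "address fails allowed-character pattern")
            size = re.search(r"\bSIZE=(\d+)", m.group(2), re.I)
            if size and int(size.group(1)) > MAX_SIZE:
                return ("deny", "message exceeds size limit")
            if verb == "RCPT TO":
                rcpts += 1
                if rcpts > MAX_RCPTS:
                    return ("deny", "too many recipients")
    return ("allow", "envelope conforms to policy")

def inspect_headers(mime_headers):
    """Deny MIME parts whose declared filename has a blocked extension."""
    for name in FILENAME.findall(mime_headers):
        if name.strip().lower().endswith(BLOCKED_EXT):
            return ("deny", f"executable attachment: {name.strip()}")
    return ("allow", "no blocked attachments")
```

A filename check like this only sees the declared name; a production filter would also inspect the content type and the decoded body.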

HTTP Proxy (Hypertext Transfer Protocol)

Monitors Web traffic, blocking traffic attempting to enter through ports other than port 80 and selectively filtering content to protect your Web clients.
  • Forces strict compliance with established Web standards for Web traffic.
  • Filters potentially dangerous MIME content types.
  • Filters Java® and ActiveX® controls.
  • Filters content to enforce your company's network use policy.
  • Removes unknown headers to defend against new attack techniques.
  • Removes cookies to defend network privacy.

FTP Proxy (File Transfer Protocol)

Controls FTP traffic, protecting the FTP server from attempts to store unauthorized files or to use it to attack another FTP server, and from internal attempts to send classified data from your server through your firewall to the outside world.
  • Controls FTP server commands.
  • Controls file changes with "read-only" rules.
  • Sets time limits for quick disconnection from idle connections.

DNS Proxy (Domain Name System)

DNS translates the English domain names we can readily remember into the IP addresses computers understand.

If a DNS attack is successful, the hacker gains total control.

  • Checks for malformed headers and packets to ensure protocol conformity.
  • Filters header content selectively for header class, type, or length abnormalities.

H.323 Proxy

Controls site-to-site multi-media connections that are common to applications such as CU-SeeMe, NetMeeting, and Web cameras.
  • Limits open ports to reduce network vulnerabilities.
 

*Available on Firebox® X and Firebox® III only.