How is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules?
Answers
Let us assume that the system you are talking about is a firewall with Intrusion Prevention Capabilities (IPS). These systems usually run at level 3 or level 7 of the OSI (Open Systems Interconnectivity) model.
If a firewall is working at level 3 then it is able to view information up to the IP address and the source / destination port. Nothing beyond that. For such cases, the rules will be as follows:
1. Block all connections going to a particular IP address.
2. Block all connections coming from a particular IP address.
3. Block all connections coming to a particular port number.
For such cases, the system looks at each piece of traffic and matches the conditions. If the conditions are satisfied, then the action is performed.
If a firewall is working at level 7 then it is usually called a Web Application Firewall (WAF). These firewalls are able to view the complete packet up to the application level. They aggregate all the packets for a given connection and then view them together. Thus they are able to see the entire query (for example, a search query). These systems have the following rules:
1. If the URL contains HTML scripts, then tag it as an attack and terminate the connection.
2. If the URL contains SQL queries, then tag it as SQL injection and terminate the connection.
When a connection is received and the rules are satisfied, then the action is performed.
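The two rule styles from the answer above, sketched side by side as an added example (not part of the original answer): an address/port filter that never sees the payload, and a URL check that decodes the reassembled query before matching. The rule values, signature patterns, function names and sample traffic are constructed for illustration and use documentation address ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed address/port rules: (field, value, action). First match wins.
NET_RULES = [
    ("dst_ip", ipaddress.ip_network("203.0.113.10/32"), "block"),  # going to an address
    ("src_ip", ipaddress.ip_network("198.51.100.0/24"), "block"),  # coming from an address
    ("dst_port", 23, "block"),                                     # coming to a port
]

def filter_packet(pkt):
    """Decide on addresses and ports only; the payload is never inspected."""
    for field, value, action in NET_RULES:
        if field == "dst_port":
            if pkt["dst_port"] == value:
                return action
        elif ipaddress.ip_address(pkt[field]) in value:
            return action
    return "allow"

# Constructed, deliberately simple application-level signatures.
WAF_RULES = [
    ("html-script", re.compile(r"<\s*script\b", re.I)),
    ("sql-injection",
     re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

def inspect_url(url):
    """Return (action, tag) for the query string of a reassembled request URL."""
    # Decode %3C, %27, '+' and similar first; raw matching would miss encoded input.
    query = unquote_plus(urlsplit(url).query)
    for tag, pattern in WAF_RULES:
        if pattern.search(query):
            return ("terminate", tag)
    return ("allow", None)

# Constructed sample traffic: every URL below travels in packets like this one.
SAMPLE_PACKET = {"src_ip": "192.0.2.7", "dst_ip": "192.0.2.80", "dst_port": 80}
SAMPLE_URLS = [
    "http://shop.example/search?q=red+shoes",
    "http://shop.example/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "http://shop.example/item?id=1%27%20OR%20%271%27=%271",
]

if __name__ == "__main__":
    print("packet filter:", filter_packet(SAMPLE_PACKET))
    for u in SAMPLE_URLS:
        print(inspect_url(u), u)
```

All three sample requests pass the address/port filter, because they share the same addresses and port; only the URL check can tell them apart.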