
Deep Inspection Technologies and Firewalls

Deep Inspection is a technology implemented in firewalls to protect networks. A Deep Inspection firewall performs all the Stateful Inspection functions, such as packet filtering and tracking packets and sessions over a period of time. In addition, it examines the contents of packets at the application level and screens out harmful packets by matching them against a signature database, which may contain known intrusions, viruses and other harmful content.

With Deep Inspection technology, a firewall can inspect the packet payload and content and determine whether it is a known attack or a protocol anomaly. Deep Inspection technology has detectors which are built on TCP/IP protocol specifications. These detectors are built as state machines at the application layer. Each state corresponds to a part of the connection, for example a client waiting for a server response. The transitions between the states are well defined, for example an HTTP client sending a request for a URL using the GET command and the server responding by sending the contents of that URL. Any deviation from the accepted behaviour is detected by the firewall and the packets are dropped. To use Deep Inspection technologies and products effectively, in-depth knowledge of protocols, server operating software and applications is required.

Deep Inspection firewalls also use an Attack Object Database to store protocol anomalies and attack patterns (sometimes referred to as signatures). Packet processing in a Deep Inspection firewall is typically described as "performing application level checks as well as stateful inspection." In other words, a Deep Inspection firewall provides all of the protections of a stateful firewall, plus whatever signatures are loaded into it.
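The per-connection state machine and the attack-object matching described above can be sketched as follows. This is an added example, not code from any firewall product: the signature names, patterns and sample session are constructed, and the model assumes one outstanding request per connection (no HTTP pipelining).

```python
import re

# Constructed attack-object entries for illustration, not a vendor database.
SIGNATURES = {
    "directory-traversal": re.compile(rb"\.\./"),
    "null-byte-in-uri": re.compile(rb"%00"),
}
REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST) \S+ HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} ")

class HttpInspector:
    """Per-connection state machine: IDLE -> AWAIT_RESPONSE -> IDLE."""
    def __init__(self):
        self.state = "IDLE"

    def inspect(self, direction, payload):
        """Return ("pass", None) or ("drop", reason) for one message."""
        if self.state == "CLOSED":
            return ("drop", "connection already dropped")
        if direction == "c2s":
            if self.state != "IDLE":
                return self._drop("anomaly: request while awaiting response")
            if not REQUEST_LINE.match(payload):
                return self._drop("anomaly: malformed request line")
            for name, pattern in SIGNATURES.items():
                if pattern.search(payload):
                    return self._drop("signature: " + name)
            self.state = "AWAIT_RESPONSE"
            return ("pass", None)
        # Anything else is treated as a server-to-client message.
        if self.state != "AWAIT_RESPONSE":
            return self._drop("anomaly: unsolicited response")
        if not STATUS_LINE.match(payload):
            return self._drop("anomaly: malformed status line")
        self.state = "IDLE"
        return ("pass", None)

    def _drop(self, reason):
        self.state = "CLOSED"  # once a deviation is seen, the session stays blocked
        return ("drop", reason)

# Constructed session: a normal GET and response, then a request that hits a signature.
SAMPLE = [
    ("c2s", b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("s2c", b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    ("c2s", b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

def run_session(messages):
    fw = HttpInspector()
    return [fw.inspect(direction, payload) for direction, payload in messages]
```

The stateful checks (is this message allowed in the current state?) run before the signature lookup, which mirrors the description of Deep Inspection as stateful inspection plus loaded signatures.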

Actually, the Deep Inspection Firewall (DIF), which was first introduced by NetScreen Technologies (acquired by Juniper Networks), is just a new generation of the Stateful Inspection Firewall (SIF). There really isn't a line to be drawn between a DIF and a SIF.

Related Terms: Firewall, Deep Inspection, Deep Inspection Firewall (DIF), Stateful Inspection, Stateful Inspection Firewall (SIF)