Application firewalls are designed to make data safer by analysing traffic at a higher layer of the network stack. Rather than simply conducting port-level analysis, they carry an awareness of the application that is being accessed and are able to see what traffic packets are doing, comparing them against pre-configured sets of rules. There are challenges associated with the design, implementation and maintenance of firewall systems. For example, what happens when analysing encrypted traffic, and should designers implement a positive or negative security model? What is the likely performance impact on the application, and how can application developers and network administrators work together effectively when deploying and maintaining application firewalls? Security expert Tom Rowan takes an in-depth look at the choices to make when configuring an application firewall system, and the pros and cons of each. Organisations of all types are doing more business online. Business processes that were hidden in the back office are now being brought out into the open. As more businesses expose their corporate data - and that of their customers - to the internet, the firewall technology that protects them has had to evolve.

© 2007 Elsevier Ltd. All rights reserved.