Article | REF: TE7550 V2

Firewalls. The pocketknife for enforcing computer security

Author: Maryline LAURENT

Publication date: October 10, 2017, Review date: January 3, 2024

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Français

7. Circuit-level gateway

What circuit-level gateways (TCP) have in common with application-level gateways is that they require two connections to be established: one between the client and the gateway, and another between the gateway and the server. The similarities end there, as circuit-level gateways filter at the transport layer and, unlike application-level gateways, can benefit any TCP/IP service.

The filtering performed by circuit-level gateways covers the same fields as packet filters, but control is more flexible in that the relay gateway can momentarily block traffic and thus perform additional processing. Here are the different filtering rules that can be implemented:

authorize a connection on a port for a fixed maximum duration ;
allow reuse of the same port only after a certain period of time;...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Circuit-level gateway

Previous
page Application-level gateway (proxy and reverse-proxy)

Stateful and deep packet inspection (SPI and DPI)

Bibliography

(1) - ANSSI - Recommandations pour la définition d'une politique de filtrage réseau d'un pare-feu. - mars 2013 https://www.ssi.gouv.fr/uploads/IMG/pdf/NP_Politique_pare_feu_NoteTech.pdf

Software tools

Squid http://www.squid-cache.org

netfilter http://www.netfilter.org

SNORT http://www.snort.org

Websites

ANSSI, CSPN certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/produits-certifies-cspn/

ANSSI, Common criteria certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/cc/produits-certifies-cc/

...

Standards and norms

IETF, LEECH (M.), GANIS (M.), LEE (Y.), KURIS (R.), KOBLAS (D.), JONES (L.). – SOCKS Protocol Version 5. http://ietf.org/rfc/rfc1928.txt?number=1928 - rfc 1928 - 03-96

Regulations

Law no. 2009-1311 of October 28, 2009 on the criminal protection of literary and artistic property on the Internet, JORF no. 0251 of Oct. 29, 2009 https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000021208046&categorieLien=id

Law no. 2015-912...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects