As computing technologies have progressed in recent years, security systems have been affected too, and they have advanced in response to security violations and new generations of attacks.
Today, first- and second-generation firewalls, which filter packets by TCP/IP port, cannot cope with new attack trends and P2P applications. Applications such as P2P and instant messaging (IM) can work on any port and can even communicate over dynamic ports. At first it seems that denying access to known ports (e.g., 80, 110, 53) may prevent those applications. However, P2P applications have evolved, and the latest generation can work in any environment, even behind NAT firewalls. For example, most of the world's Internet traffic flows over the HTTP port, and nearly every firewall has the HTTP port open by default. But P2P and IM applications can work on this port too, so by port alone we have no way of differentiating legitimate HTTP traffic from P2P or IM traffic.
At this point, security systems need to look inside the packets, independently of ports and services, and differentiate the traffic using signatures. Signatures must be created for the various kinds of traffic so that the traffic flowing through security devices can be told apart. By matching signatures against the traffic of an IP address, we can determine that the traffic comes from the application we are looking for and then apply security and traffic policies to it.
In terms of the OSI (Open Systems Interconnection) reference model, these firewall operations work at Layer 7, the application layer. This new technology is called Application Layer Filtering.
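The difference between port-based and signature-based classification, as an added example that is not Labris code. The signature patterns, function names and sample flows are assumptions constructed for illustration, and each payload is taken to be the first bytes of an already reassembled client stream.

```python
import re

# Illustrative signatures for the first bytes a client sends on a new
# connection. Assumptions for this example, not a vendor's rule set.
SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("gnutella", re.compile(rb"^GNUTELLA CONNECT/\d\.\d")),
    ("xmpp", re.compile(rb"^(<\?xml[^>]*\?>\s*)?<stream:stream\b")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
]

# What a port-only packet filter assumes about the ports named in the text.
PORT_GUESS = {80: "http", 110: "pop3", 53: "dns"}


def classify_by_port(dst_port):
    """First/second-generation view: the port number is the application."""
    return PORT_GUESS.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Application layer view: match the payload, ignore the port."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return "unknown"


def decide(dst_port, payload, blocked=frozenset({"bittorrent", "gnutella"})):
    """Signature first; fall back to the old port rule when nothing matches."""
    app = classify_by_payload(payload)
    if app == "unknown":
        app = classify_by_port(dst_port)
    return app, ("deny" if app in blocked else "allow")


# Constructed sample flows, all sent to port 80.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + bytes(48)),
    (80, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n"),
    (80, b"<?xml version='1.0'?><stream:stream to='example.com'>"),
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        app, action = decide(port, payload)
        print(f"port {port}: port-guess={classify_by_port(port)} "
              f"signature={app} action={action}")
```

All four flows look like HTTP to the port-based check, while the payload match separates them and lets the policy act on the application.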
For known applications identified by their application packet signature, it is possible to manage user and group privileges and to block, shape, or redirect the traffic. Labris products are the first in the industry with application layer filtering capabilities, offering Labris customers the ability to identify nearly 100 applications and, as a complete firewall system, high success rates on all networks. Labris Firewall still allows administrators to define policy rules by IP address and port, and to mix old-style port-based rules with application layer signatures at the same time. For more information about application layer filtering and the list of identified applications, see the Labris Firewall web pages.
Labris Firewall Software
Labris Security Gateway Appliance