A Comparison of Security Between Stateful Inspection and Application-Level Proxy Firewalls

Author

• Shahabeddin Daneshvar, San Jose State University

Publication Date

Spring 1998

Degree Type

Master's Project

Degree Name

Master of Science in Engineering (MSE)

Department

General Engineering

First Advisor

Dr. James Wayman

Abstract

Firewalls can be categorized into four general classes: packet filtering, stateful inspection, session-level proxy and application-level proxy firewalls. A stateful inspection firewall inspects the logical condition (state) of packets at the application layer of the Open Systems Interconnection (OSI) model. An application-level proxy firewall inspects the packets at the application layer of the OSI by using the proxy services. In order to determine which firewall technology is most secure to protect an internal host, it should be considered which technology is best suited to protect a firewall host. The goal of this thesis project is to compare the relative security strengths of stateful inspection and application-level proxy firewalls. The analysis process consists of two firewall implementations that permit the use of a security testing tool in six test scenarios to test the vulnerabilities of a firewall host and an internal host. Based on the test results, both firewall technologies protect significantly the firewall and internal hosts. However, a stateful inspection firewall implementation requires more user interaction. Therefore, an average user takes more security risk in implementing a stateful inspection firewall.

Recommended Citation

Daneshvar, Shahabeddin, "A Comparison of Security Between Stateful Inspection and Application-Level Proxy Firewalls" (1998). Master's Projects. 1669.
https://scholarworks.sjsu.edu/etd_projects/1669