(DNS is the domain name system used on the internet to convert between the names of devices and their IP addresses. For instance, a bastion host will run a secure version of the operating system, and may allow only essential services to be installed with a restricted set of Telnet, DNS, FTP and SMTP protocols. This is specifically designed to be more resistant to attacks than other hosts on the protected network. The originating client and the remote server are hidden from each other.īecause an application level gateway is exposed to greater risk than the hosts it protects, the proxy server normally takes the form of a specially secured host, referred to as a bastion host.
The term ‘application level gateway’ is appropriate because, from the view of both the clients within the protected network and the remote servers, the proxy server is seen as the end user. Each internal host allowed to use or provide the specified services must also be defined. Normally, each supported service is rigorously defined so that any undefined services are not available to users. Application level gateways typically provide proxy services for email, Telnet and the World Wide Web.
For instance, electronic mail will be associated with a variety of mail applications and an application level gateway will act on criteria such as the message size, header fields or likely content, as indicated by key words. Policy decisions to block or permit traffic are based on features identified in the application. All subsequent data exchanges in relation to the service request are handled by the proxy server.Īn application level gateway relays requests for services at the application level. After the client's authentication has been confirmed, the requests for services are relayed onwards by the proxy server, provided that they are allowed by the security policies in force. A client application from within the protected network may request services originating from less secure networks such as the internet. An application level gateway is implemented through a proxy server, which acts as an intermediary between a client and a server.
0 kommentar(er)
