Application Layer Gateways; Overview; Hyper Text Transfer Protocol; File Transfer Protocol - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
6.2. Application Layer Gateways

6.2.1. Overview

To complement low-level packet filtering, which only inspects packet headers in protocols such as IP,
TCP, UDP, and ICMP, D-Link Firewalls provide Application Layer Gateways (ALGs), which filter
traffic at the higher, application layer of the OSI model.
An ALG acts as a mediator for access to commonly used Internet applications outside the protected
network, e.g. Web access, file transfer, and multimedia transfer. ALGs provide higher security than
packet filtering alone, since they scrutinize all traffic for a specific service protocol and perform
checks at the uppermost levels of the TCP/IP stack.
The following protocols are supported by NetDefendOS ALGs:
HTTP
FTP
SMTP
H.323

6.2.2. Hyper Text Transfer Protocol

Hyper Text Transfer Protocol (HTTP) is the primary protocol used to access the World Wide Web
(WWW). It is a stateless, application layer protocol based on a request/response architecture. The
client, such as a Web browser, sends a request by establishing a TCP/IP connection to a particular
port (usually port 80) on a remote server. The server answers with a status line and response
headers, followed by a message body. That body might be, for example, an HTML file to be shown in
the Web browser, an ActiveX component to be executed on the client, or an error message.
HTTP faces particular issues because of the wide variety of web sites that can be accessed and the
range of file types that can be downloaded as a result of such access. Two mechanisms exist in
NetDefendOS to specifically handle this: Web Content Filtering and Anti-Virus scanning.
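The request/response exchange described above, parsed the way an ALG sitting on port 80 has to parse it, as an added example (not NetDefendOS code). The wire messages, the policy table of media types to block or hand to a scanner, and the `classify_response` decision are all constructed for illustration; the page only says that Web Content Filtering and Anti-Virus scanning exist, not how they decide.

```python
"""Parsing an HTTP request/response pair the way an ALG sees it on port 80.

Added example, not NetDefendOS code. The sample messages and the filtering
policy (which media types to block or hand to a scanner) are constructed
for illustration.
"""

# Constructed wire messages: the client's request ...
SAMPLE_REQUEST = (
    b"GET /downloads/tool.exe HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"\r\n"
)
# ... and three possible server responses (bodies are tiny stand-ins).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 4\r\n\r\n"
    b"MZ\x90\x00"
)
SAMPLE_HTML = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Content-Length: 13\r\n\r\n"
    b"<html></html>"
)
SAMPLE_MISLABELLED = (  # executable bytes declared as plain text
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 4\r\n\r\n"
    b"MZ\x90\x00"
)

# Hypothetical policy for the content-filtering decision.
BLOCKED_TYPES = {"application/x-msdownload"}
SCAN_TYPES = {"application/octet-stream", "application/zip"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def parse_message(raw):
    """Split an HTTP message into start line, lower-cased header dict and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete HTTP head (no blank line)")
    lines = head.split(b"\r\n")
    start_line = lines[0].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("latin-1")
    if "content-length" in headers and len(body) != int(headers["content-length"]):
        raise ValueError("body length does not match Content-Length")
    return start_line, headers, body


def parse_request(raw):
    """Parse a client request; HTTP/1.1 requires a Host header."""
    start, headers, body = parse_message(raw)
    method, target, version = start.split(" ")
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def parse_response(raw):
    """Parse a server response: status line, headers, body."""
    start, headers, body = parse_message(raw)
    parts = start.split(" ", 2)
    version, status = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    return {"version": version, "status": status, "reason": reason,
            "headers": headers, "body": body}


def classify_response(resp):
    """Return 'block', 'scan' or 'pass' for a parsed response under the policy above."""
    declared = resp["headers"].get("content-type", "application/octet-stream")
    media = declared.split(";")[0].strip().lower()
    if media in BLOCKED_TYPES:
        return "block"
    if media in SCAN_TYPES:
        return "scan"
    # The declared type is not trusted: a harmless label over executable bytes
    # still goes to the scanner.
    if resp["body"].startswith(EXECUTABLE_MAGIC):
        return "scan"
    return "pass"


if __name__ == "__main__":
    for raw in (SAMPLE_RESPONSE, SAMPLE_HTML, SAMPLE_MISLABELLED):
        r = parse_response(raw)
        print(r["status"], r["headers"].get("content-type"), "->", classify_response(r))
```

The point of the mislabelled case is the one that matters for an ALG: the `Content-Type` header is attacker-controlled, so a filter keyed on it alone passes an executable served as `text/plain`; looking at the leading bytes of the body is what makes the decision robust.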

6.2.3. File Transfer Protocol

File Transfer Protocol (FTP) is a TCP/IP-based protocol for exchanging files between a client and a
server. The client initiates the session by connecting to the FTP server. Normally the client needs
to authenticate itself by providing a predefined login and password. Once access is granted, the
server provides the client with a file/directory listing from which it can download/upload files
(depending on access rights). The FTP ALG is used to manage FTP connections through the D-Link
Firewall.
FTP Connections
FTP uses two communication channels, one for control commands and one for the actual files being
transferred. When an FTP session is opened, the FTP client establishes a TCP connection (the con-
trol channel) to port 21 (by default) on the FTP server. What happens after this point depends on the
mode of FTP being used.
Modes
There are two modes, active and passive, which describe the role of the server with respect to
opening the data channel.
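What the FTP ALG actually has to do with the control channel, as an added example (not NetDefendOS code): read the data-channel endpoint out of the client's `PORT` command (active mode) or the server's `227` reply (passive mode), and derive the single data connection the firewall should then permit. This goes beyond the page, which does not describe the two modes in detail: the `PORT` and `227` formats are those of RFC 959, the control-channel lines and addresses are constructed, and the check that the advertised address matches the control connection's own endpoint is a common ALG safeguard assumed here, not something the manual states.

```python
"""How an FTP ALG learns the data-channel endpoint from the control channel.

Added example, not NetDefendOS code. The control-channel lines are constructed;
the PORT command and 227 reply formats are those of RFC 959. The address check
is an assumed safeguard, not something the manual page states.
"""
import re

# Constructed addresses of the two ends of the control connection (port 21).
CLIENT_IP = "192.168.1.10"
SERVER_IP = "203.0.113.5"

# Constructed control-channel lines as the firewall would see them.
ACTIVE_PORT_CMD = b"PORT 192,168,1,10,4,1\r\n"                           # client -> server
PASSIVE_REPLY = b"227 Entering Passive Mode (203,0,113,5,195,80).\r\n"   # server -> client
BOUNCE_PORT_CMD = b"PORT 10,0,0,99,0,25\r\n"                              # client names a third host

HOSTPORT = rb"(\d{1,3}(?:,\d{1,3}){5})"   # h1,h2,h3,h4,p1,p2


def decode_hostport(text):
    """Turn b'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256 + p2)."""
    fields = [int(f) for f in text.split(b",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError("bad host-port field: %r" % text)
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def parse_port_command(line):
    """Active mode: the client tells the server where to connect for data."""
    m = re.match(rb"PORT\s+" + HOSTPORT + rb"\s*$", line.strip(), re.IGNORECASE)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    return decode_hostport(m.group(1))


def parse_pasv_reply(line):
    """Passive mode: the server tells the client where it is listening for data."""
    m = re.match(rb"227\s.*?\(" + HOSTPORT + rb"\)", line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return decode_hostport(m.group(1))


def data_channel_pinhole(line, client_ip, server_ip):
    """Derive the data connection the firewall must allow for one control line.

    Returns None for control lines that do not announce a data channel.
    """
    s = line.strip()
    if s[:4].upper() == b"PORT":
        ip, port = parse_port_command(s)
        # Active mode: the server will connect to the client's advertised port
        # (from port 20 by default). Refuse an address that is not the client's
        # own, which is what an FTP bounce through the firewall would look like.
        if ip != client_ip:
            raise ValueError("PORT address %s is not the client %s" % (ip, client_ip))
        return {"mode": "active", "src": server_ip, "dst": ip, "dst_port": port}
    if s.startswith(b"227"):
        ip, port = parse_pasv_reply(s)
        # Passive mode: the client will connect to the port the server announced.
        if ip != server_ip:
            raise ValueError("227 address %s is not the server %s" % (ip, server_ip))
        return {"mode": "passive", "src": client_ip, "dst": ip, "dst_port": port}
    return None


if __name__ == "__main__":
    for raw in (ACTIVE_PORT_CMD, PASSIVE_REPLY, b"USER anonymous\r\n"):
        print(raw.strip(), "->", data_channel_pinhole(raw, CLIENT_IP, SERVER_IP))
```

This is why a plain packet filter cannot carry FTP safely: the data port is chosen per transfer and announced inside the control stream, so the firewall either opens a wide port range permanently or parses the control channel and opens exactly one pinhole per transfer, which is the ALG's job.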
105
Chapter 6. Security Mechanisms