Application filtering

Application filtering

Firewalls need to evolve and become more sophisticated in detecting newer threats with changing business processes. Increasing bandwidth demand and newer architectures like Web 2.0 is changing the way network protocols are being used and data is transferred. First Generation firewalls have largely been blind to such threats as more communications Is going through standard protocols like HTTP and HTTPS.  

URL filtering allows you to control access to Internet websites by permitting or denying access to specific websites based on information contained in an URL list. However, websites are now largely replaced with applications and with this, it has become imperative to provide solutions concerning filtering of applications. While some applications can be very useful to the organizations, other applications like torrents and proxy applications could be very harmful. Allowing these types of applications in your network might lead to serious consequences like

  •  If you’re torrenting illegally, whether you realize it or not, there is a chance you could get chased for copyright infringement which could bring legal liability to your organization.
  •  Unless connected to a VPN or some other means of encryption, all of the internet traffic can and likely will be monitored by a user’s internet service provider. Internet service providers are usually in league with copyright holders. They don’t want to be held liable for privacy, and want to save bandwidth. If an ISP catches one of its customers torrenting, they could resort to bandwidth throttling, fines, or even account suspension and termination causing distruption, leading to business loss.
  • Torrents are common sources of malware and viruses. This is especially true of software and games, which must be installed and executed. This could lead to your network being infected and risk or data leak through such downloaded applications.

 Besides this, when it comes to blocking applications, it is realized that Applications are very difficult to detect and block as compared to URLs. Some applications like BitTorrent can run on any port, and can be wrapped inside SSL which makes them difficult to detect. One possible way to effectively detect and block them would be deep packet inspection. Deep packet inspection involves looking at traffic and blocking it based on its type.

Another major task considering filtering of applications is to identify applications from SSL protocols and then filtering them. Firewall filtering based on port numbers can no longer provide security to an enterprise. Many applications use standard ports like 443 to camouflage its application traffic. The strength of a firewall in classifying these application forms the basis of your security.

GajShield’s Application filter is the industry’s most powerful Deep Packet Inspection (DPI) engine, providing real-time, Layer-7 classification of all network application traffic. It is designed for fast, trouble-free classification of more than 2500+ application signatures. With its smart classification technology and deep packet inspection which is also called complete packet inspection and information extraction or IX that is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination, or, for the purpose of collecting statistical information that functions at the Application layer of the OSI (Open Systems Interconnection model). There are multiple headers for IP packets; network equipment only needs to use the first of these (the IP header) for normal operation, but use of the second header (such as TCP or UDP) is normally considered to be shallow packet inspection (usually called stateful packet inspection) despite this it creates zero impact on the network throughput and provides wire speed capabilities.

GajShield reporting system provides in-depth know-how of the applications used by your organization, which forms the first step towards security. Using this knowledge security officers can then block applications for users or groups. With its recent launch of BYOD features, applications can now also be blocked based on whether the traffic has originated from a mobile device.

Earlier, Traditional firewalls would operate on the network layer. Due to advancements in the technology, now GajShield offers Application Visibility & Control with Layer 7 policies and reporting, preventing data leakage and sophisticated application-layer threats, including malware, phishing, bot-nets. GajShield offers industry-leading support for over 2500+ key application signatures. Real-time network logs and reports further allow organizations to promptly re-set network settings for maximum security and productivity. In addition to this, Gajshield’s application filtering feature aims to enhance business critical application performance by limiting bandwidth for non-business traffic, in built application categories make it easier to filter out and block unwanted applications for the users and to ease this process, Gajshield also supports sub classification within a category.

As a result of this, infrastructure cost is greatly reduced and thereby, bandwidth is saved as well. Detailed reports showcasing which users are allowed access to which applications further helps support security. In addition to all these security features, policies can also be set to filter out non business traffic which helps to curb the usage of internet for non-professional purposes or personal usage.

Features of GajShield’s Application Filtering mechanism

  • Control and visibility of layer 7 & applications
  • Enhance business critical application performance by limiting bandwidth for non-business traffic
  • Inbuilt application categories.
  • 2500+ Application signatures
  • Sub classification within a category supported
  • Saves bandwidth and reduces infrastructure costs
  • Protects corporate users including BYOD devices.
  • Improved security by blocking threats emerging out of risky applications.
  • Quick to setup and simple to implement using GajShield’s Object oriented policy management

Case Study: GajShield application filtering comes to the rescue of S. S. Jain Subodh PG College to secure its network