Configuring Check Point NGX VPN-1/FireWall-1

You may be asking what the difference is between all that you've learned to this point and Protocol Inspection. Well, in this section, you may discover some things about applications and protocols that don't necessarily jibe with the way things should be. As the name implies, a protocol, regardless of the context, is a set of rules or ways to do things. This layman's definition also applies to the protocols that you consider in terms of networking and applications. What you may not be aware of is the fact that often there are applications that do not conform to protocols as the designers intended. This nonconformity may be a mistake, or it could be an attempt to attack the protocol and produce undesirable results. Let's discuss more about protocol conformity and see how our Check Point gateway helps us enforce the intentions of the designers.
As briefly mentioned earlier in this chapter, there are a considerable number of applications whose aim is to comply with protocols. However, a subset of applications exists that, for whatever reason, simply do not conform to protocol X. Though this does not normally cause issues with the application, it does present problems for you if your firewall or other security device forces applications to conform to the protocol as the designer intended and as documented in the RFC. Because attackers know that some legitimate applications may not conform to protocol specifications, they may create malicious code with similar nonconformity that will violate...