I'm thinking about going with a security vendor for hosted sites on my VPS, and I'm having a hard time understanding something. (Yes, I know this is OSI terminology, and the sites in question are basic dental and medical practice websites with no eCommerce and no private info (SSN, etc.).)
Their basic plan has a Level 7 firewall (and I get that that's HTTP, HTTPS, etc.). But their advanced plan has Level 3/4 coverage as well (and I get that this is IP and TCP/UDP).
1) What I don't understand is the big picture -- does a Level 7-only firewall ignore problems with Level 3/4? Is packet inspection skipped?
2) And if so, how necessary is a level 3/4 firewall if you already have a level 7 in place?
Any help is greatly appreciated -- and if there's a book or resource I can read to understand this that would also be great.
Thank you in advance! I want to understand what I'm doing before I make a purchase!
It sounds like you're getting a bit of misleading jargon. The technical definitions for these types of firewalls are:
Layer 3 firewalls (i.e. packet filtering firewalls) filter traffic based solely on source/destination IP, port, and protocol.
Layer 4 firewalls do the above, plus add the ability to allow or deny network traffic based on the status of TCP sessions (i.e. stateful packet inspection).
Layer 7 firewalls (i.e. application gateways) can do all of the above, plus include the ability to intelligently inspect the contents of those network packets. For instance, a Layer 7 firewall could deny all HTTP POST requests from Chinese IP addresses. This level of granularity comes at a performance cost, though.
Since the proper definitions don't line up with their pricing scheme, I think they're using Layer 7 as a (technically incorrect) reference to a software firewall running on your VPS. Think along the lines of iptables or Windows Firewall. Should you pony up the extra fees, they'll put your VPS behind a proper network firewall. Maybe.
If they can't be bothered to use proper terminology when describing their VPS solution to potential customers, I'd question their competence in other areas as well.
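To make the three definitions above concrete, here is an added toy example (not part of the original answer, and not any vendor's product) that applies a Layer 3 rule set, a Layer 4 stateful filter and a Layer 7 HTTP rule to constructed packets aimed at a fictitious VPS at 192.0.2.10. The address ranges, ports and rules are assumptions chosen for the illustration; the "no POST from that range" rule stands in for the geo-based rule in the answer. Running the pipeline with only the Layer 7 stage enabled shows what a Layer 7-only product never judges: non-HTTP traffic and session anomalies pass through it unexamined.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"ACK"}
    payload: bytes = b""


# Layer 3 (packet filter): decisions use only addresses, protocol and ports.
SERVICE_PORTS = {80, 443}
DENY_NETS = [ip_network("198.51.100.0/24")]          # constructed deny list


def layer3_allows(pkt):
    if any(ip_address(pkt.src) in net for net in DENY_NETS):
        return False
    return pkt.proto == "tcp" and pkt.dport in SERVICE_PORTS


# Layer 4 (stateful inspection): accept a packet only if it opens a new TCP
# session (bare SYN) or belongs to a session this filter has already seen.
class StatefulFilter:
    def __init__(self):
        self.sessions = set()        # keys: (src, sport, dst, dport)

    def allows(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.sessions.add(key)
            return True
        return key in self.sessions  # stray ACK/data without a handshake is dropped


# Layer 7 (application gateway): parse the HTTP request and judge its content.
POST_DENIED_NETS = [ip_network("203.0.113.0/24")]   # constructed, stands in for a geo block
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def parse_request_line(payload):
    """Return (method, path) from an HTTP/1.x request, or None if it is not one."""
    try:
        first = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, path, version = first.split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/1."):
        return None
    return method, path


def layer7_allows(pkt):
    req = parse_request_line(pkt.payload)
    if req is None:
        return True                  # no application data to judge (handshake, non-HTTP)
    method, path = req
    if method not in ALLOWED_METHODS:
        return False                 # a content rule a packet filter cannot express
    if method == "POST" and any(ip_address(pkt.src) in n for n in POST_DENIED_NETS):
        return False                 # the answer's "no POST from that range" rule
    return True


def run_pipeline(packets, use_l3=True, use_l4=True, use_l7=True):
    """Return one verdict per packet: 'allow' or 'drop:<layer that dropped it>'."""
    state = StatefulFilter()
    verdicts = []
    for pkt in packets:
        if use_l3 and not layer3_allows(pkt):
            verdicts.append("drop:L3")
        elif use_l4 and not state.allows(pkt):
            verdicts.append("drop:L4")
        elif use_l7 and not layer7_allows(pkt):
            verdicts.append("drop:L7")
        else:
            verdicts.append("allow")
    return verdicts


# Constructed traffic against a fictitious VPS at 192.0.2.10.
SAMPLE = [
    Packet("192.0.2.50", "192.0.2.10", "tcp", 40001, 80, frozenset({"SYN"})),
    Packet("192.0.2.50", "192.0.2.10", "tcp", 40001, 80, frozenset({"ACK"}),
           b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("192.0.2.51", "192.0.2.10", "tcp", 40002, 80, frozenset({"ACK"}),
           b"GET /index.html HTTP/1.1\r\n\r\n"),           # no handshake seen
    Packet("198.51.100.7", "192.0.2.10", "tcp", 40003, 443, frozenset({"SYN"})),
    Packet("192.0.2.52", "192.0.2.10", "udp", 40004, 53),    # not a served proto/port
    Packet("203.0.113.9", "192.0.2.10", "tcp", 40005, 80, frozenset({"SYN"})),
    Packet("203.0.113.9", "192.0.2.10", "tcp", 40005, 80, frozenset({"ACK"}),
           b"POST /contact HTTP/1.1\r\nContent-Length: 0\r\n\r\n"),
    Packet("192.0.2.53", "192.0.2.10", "tcp", 40006, 80, frozenset({"SYN"})),
    Packet("192.0.2.53", "192.0.2.10", "tcp", 40006, 80, frozenset({"ACK"}),
           b"TRACE / HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_pipeline(SAMPLE)):
        print(f"{pkt.src:>14} {pkt.proto}/{pkt.dport:<4} {verdict}")
```

With all three stages on, the packets from the denied network and the UDP packet die at Layer 3, the ACK with no preceding SYN dies at Layer 4, and only the POST from the restricted range and the TRACE request reach and are dropped by the Layer 7 rule. Rerun with use_l3=False and use_l4=False and those first three packets are all allowed, because an HTTP-only inspector has no opinion about them; that is the gap the question is asking about.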
The first is an application layer firewall. It probably works as an HTTP(S) proxy where the requests are made to the proxy, which filters all the requests and then sends them to your server. If the company you're going to buy from uses an HTTP proxy, your server IP will be totally hidden from the web, which is really good. If you just need to protect your websites this is the simplest solution you can have and it "just works". This is the method that CloudFlare uses, for example.
The second is a network layer firewall. It's a more advanced firewall that filters all traffic before it reaches your server. This one is by far the most effective and efficient, as you can protect any kind of application, but you'd need a really big setup with BGP announcements, filtered IP blocks, tunnels and so on. This is commonly used with services that receive big DDoS attacks and host critical applications, ecommerce and games.
Keeping it short: If you just need to secure your websites, use the Layer 7 solution. If you need an advanced firewall that filters any kind of application, protection against DDoS attacks and so on, use the Layer 3-4 solution.
Here you can read more about CloudFlare, which I think is the right solution for you: https://www.quora.com/How-does-CloudFlare-work