Stateful Inspection Firewalls
A stateful inspection firewall keeps track of the state of a connection by monitoring the TCP 3-way handshake. This allows it to keep track of the entire connection – from start to end – permitting only expected return traffic inbound.
When a host starts a connection and requests data, the stateful inspection firewall builds a database (the state table) and stores the connection information. For each connection, the state table records the source IP, source port, destination IP, and destination port. Using this table, the firewall dynamically creates rules that allow the anticipated traffic.
This type of firewall is used for additional security. It enforces more checks and is safer than stateless filters. Unlike stateless packet filters, stateful firewalls inspect the actual data transmitted across multiple packets instead of just the headers, so they also require more system resources.
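The state table described above can be modelled in a few lines. The following is an added example, not code from the original page or from any firewall product: `StateTable`, `allow`, `pkt` and `demo` are hypothetical names, the addresses are constructed from documentation ranges, and connection teardown is simplified to dropping the entry on the first FIN or RST.

```python
from collections import namedtuple

# flags: frozenset of TCP flag names; outbound: True when leaving the protected network
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

class StateTable:
    """Toy TCP state table: only inside hosts may open connections."""
    def __init__(self, max_entries=1024):
        self.conns = {}                 # (in_ip, in_port, out_ip, out_port) -> state
        self.max_entries = max_entries  # cap so a SYN flood cannot grow the table forever

    def allow(self, p):                 # True = forward, False = drop
        key = (p.src, p.sport, p.dst, p.dport) if p.outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.conns.get(key)
        if state is None:
            # Only an outbound bare SYN may create an entry; unsolicited inbound is dropped.
            if not p.outbound or p.flags != {"SYN"} or len(self.conns) >= self.max_entries:
                return False
            self.conns[key] = "SYN_SENT"
            return True
        if p.flags & {"RST", "FIN"}:
            del self.conns[key]         # simplification: real firewalls track the full close
            return True
        if state == "SYN_SENT":         # waiting for the server's SYN-ACK
            if p.outbound:
                return p.flags == {"SYN"}                  # SYN retransmission
            if p.flags != {"SYN", "ACK"}:
                return False
            self.conns[key] = "SYN_RCVD"
            return True
        if state == "SYN_RCVD":         # waiting for the client's final ACK
            if p.outbound and p.flags == {"ACK"}:
                self.conns[key] = "ESTABLISHED"
                return True
            return not p.outbound and p.flags == {"SYN", "ACK"}  # SYN-ACK retransmission
        return "SYN" not in p.flags     # ESTABLISHED: both directions pass, no new SYNs

def pkt(src, sport, dst, dport, flags, outbound):
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), outbound)

def demo():
    """Constructed traffic: one legitimate handshake plus two unsolicited packets."""
    fw = StateTable()
    c, s = ("10.0.0.5", 40000), ("203.0.113.7", 443)
    trace = [pkt(*s, *c, "SYN+ACK", False),               # no state yet: dropped
             pkt(*c, *s, "SYN", True), pkt(*s, *c, "SYN+ACK", False), pkt(*c, *s, "ACK", True),
             pkt(*s, *c, "ACK", False),                   # expected return traffic
             pkt("198.51.100.9", 443, *c, "ACK", False)]  # 4-tuple not in table: dropped
    return [fw.allow(p) for p in trace], dict(fw.conns)
```

The `max_entries` cap reflects the resource cost noted above: every tracked connection consumes memory, so the table needs a bound and, in a real firewall, timeouts for half-open entries.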
STATEFUL INSPECTION FIREWALLS

| Advantages | Disadvantages | Protection Level | Who is it for: |
|---|---|---|---|
| – Keep track of the entire session. – Inspect headers and packet payloads. – Offer more control. – Operate with fewer open ports. | – Not as cost-effective as they require more resources. – No authentication support. – Vulnerable to DDoS attacks. – May slow down performance due to high resource requirements. | – Provide more advanced security as it inspects entire data packets while blocking attacks that exploit protocol vulnerabilities. – Not efficient when it comes to exploiting stateless protocols. | – Considered the standard network protection for cases that need a balance between packet filtering and application prox |