Installation guide
Disadvantages of stateful packet filters
• Vulnerable to attacks with malformed packets (since it does not examine packet content).
• Vulnerable to protocol-based attacks / ‘buffer overflow’ attacks.
Examples of stateful packet filters
• Linux NetFilter based firewalls.
• BSD IPF or OpenBSD IPF based firewalls.
• Watchguard Firebox.
Stateful inspection packet filters
This is a stateful packet filter armed with protocol-specific modules that actually know how to interpret a
packet in the context of its protocol. Also known as dynamic packet filtering, stateful inspection provides
enhanced security by keeping track of communications packets over a period of time. Both incoming and
outgoing packets are examined. Outgoing packets that request specific types of incoming packets are
tracked; only those incoming packets constituting a proper response are allowed through the firewall.
In the practice phone system analogy – as with the ‘stateful’ receptionist, the ‘inspecting stateful’
receptionist will only accept calls from patients who are confirmed to be returning a call. Imagine, though,
that the inspecting stateful receptionist puts the call through to Dr X but then listens in to check whether the
patient starts to ask about unrelated problems. If this should happen, the receptionist interrupts the
connection and explains that the patient will need to make the relevant appointment.
Advantages of stateful inspection packet filters
There are the same advantages as stateful packet filters (above) plus:
• protection against some protocol-based attacks.
• less vulnerability to misuse of open ports.
Disadvantages of stateful inspection packet filters
• Depends on protocol specific inspection modules. Protocols not covered by inspection
modules will be handled no better than with a stateful packet filter.
• Needs a lot more processor power and RAM, hence is more expensive, generates more heat
and is more prone to technical faults.
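The following added example (not from this guide or any product it mentions) simulates the two filter types side by side: a plain stateful filter that admits any inbound packet matching a tracked outbound flow, and a stateful inspection filter whose protocol module (a constructed DNS check on the transaction ID and QR bit) also examines the reply content, ‘interrupts the call’ on a mismatch, and falls back to plain stateful behaviour for protocols without a module. The hosts, ports and packets are constructed sample data.

```python
from collections import namedtuple
Packet = namedtuple("Packet", "src sport dst dport proto payload")  # transport 5-tuple + payload

def flow_key(p):
    return (p.src, p.sport, p.dst, p.dport, p.proto)
def reply_key(p):  # key of the outbound flow that an inbound packet p claims to answer
    return (p.dst, p.dport, p.src, p.sport, p.proto)

class StatefulFilter:
    """Plain stateful filter: inbound passes only if it answers a tracked outbound packet."""
    def __init__(self):
        self.flows = {}  # flow key -> the outbound packet that opened the flow
    def outbound(self, p):
        self.flows[flow_key(p)] = p
    def inbound(self, p):
        return reply_key(p) in self.flows  # the payload is never examined

class StatefulInspectionFilter(StatefulFilter):
    """Same state table plus protocol modules, keyed by server port, that check reply content."""
    def __init__(self, modules):
        super().__init__()
        self.modules = modules  # server port -> check(request, reply) -> bool
    def inbound(self, p):
        key = reply_key(p)
        if key not in self.flows:
            return False
        request = self.flows[key]
        check = self.modules.get(request.dport)
        if check is None:  # no module for this protocol: no better than a plain stateful filter
            return True
        if check(request, p):
            return True
        del self.flows[key]  # like the receptionist: interrupt the call and forget the flow
        return False

def dns_reply_matches(request, reply):
    """Constructed DNS module: the reply must echo the 16-bit transaction ID and set the QR bit."""
    return (len(reply.payload) >= 3 and request.payload[:2] == reply.payload[:2]
            and (reply.payload[2] & 0x80) != 0)

def demo():
    client, resolver = ("10.0.0.5", 40000), ("192.0.2.53", 53)  # constructed sample hosts
    query = Packet(*client, *resolver, "udp", b"\x12\x34\x01\x00")  # DNS query, txid 0x1234
    good = Packet(*resolver, *client, "udp", b"\x12\x34\x81\x80")   # genuine reply, QR bit set
    bad = Packet(*resolver, *client, "udp", b"\xab\xcd\x81\x80")    # right 5-tuple, wrong txid
    plain, inspecting = StatefulFilter(), StatefulInspectionFilter({53: dns_reply_matches})
    plain.outbound(query)
    inspecting.outbound(query)
    return {"good": (plain.inbound(good), inspecting.inbound(good)),
            "bad": (plain.inbound(bad), inspecting.inbound(bad))}
```

The plain filter passes both replies because it only matches addresses and ports; the inspecting filter rejects the mismatched one and closes the flow, so even the genuine reply is refused afterwards until a new query is sent.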
Examples of stateful inspection packet filters
• Firewalls based on newer Linux kernels (2.6).
• Sonicwall appliances (for limited number of protocols).
• Checkpoint Firewall appliances.
Application proxies
This type of firewall goes one step further than stateful inspection firewalls.
It not only knows the history of the connection, but also inspects the data within the packets, and decides
whether or not to allow a packet to pass through depending on the content.
The proxy basically receives packets, analyses them, and repackages them safely according to nominated
rules before sending them on as instructed.
Application proxies are typically located within a separate ‘perimeter network’ or Demilitarised Zone (DMZ),
a third network between your real private network and the public Internet.
The DMZ insulates the internal network by enabling less secure services to operate in the perimeter without
compromising the internal network.