Check Point ZoneAlarm User Guide

Check Point Stateful Inspection Technology
Invented by Check Point, Stateful Inspection is the industry standard for network security
solutions. A powerful inspection module examines every packet, ensuring that packets do
not enter a network unless they comply with the network's security policy.
Stateful Inspection technology implements all necessary firewall capabilities between the
data-link and network layers. Packets are intercepted at the network layer for best performance
(as in packet filters), but the data derived from layers 3-7 is accessed and analyzed for
improved security (compared to layers 4-7 in application-layer gateways). Stateful
Inspection incorporates communication and application-derived state and context
information, which is stored and updated dynamically. This provides cumulative data
against which subsequent communication attempts can be evaluated. Stateful Inspection
also delivers the ability to create virtual-session information for tracking connectionless
protocols, such as UDP-based and RPC applications.
ZoneAlarm routers use Stateful Inspection technology to analyze all packet
communication layers and extract the relevant communication and application state
information. The ZoneAlarm router is installed at the entry point to your network, and
serves as the gateway for the internal network computers. In this ideal location, the
inspection module can inspect all traffic before it reaches the network.
Packet State and Context Information
To track and act on both state and context information for an application is to treat that
traffic statefully. The following are examples of state and context-related information that a
firewall should track and analyze:
- Packet-header information (source and destination address, protocol, source and destination port, and packet length)
- Connection state information (which ports are being opened for which connection)
- TCP and IP fragmentation data (including fragments and sequence numbers)
- Packet reassembly, application type, and context verification (to verify that the packet belongs to the communication session)
- Packet arrival and departure interface on the firewall
- Layer 2 information (such as VLAN ID and MAC address)
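The following is an added illustration of the mechanism described above, written for this page; it is not Check Point's inspection module or any ZoneAlarm code. It models the dynamically updated state table that Stateful Inspection keeps (connection state for TCP, a virtual session for connectionless UDP), evaluates each new packet against that cumulative state, and uses two items from the list, packet-header fields and the arrival interface, as context checks. The interface names, the 192.168.1.0/24 internal prefix, the 30-second UDP idle timeout and the packet trace are all constructed assumptions.

```python
"""Toy stateful inspection engine (added illustration, not Check Point code).

Inside hosts may open TCP connections and UDP virtual sessions; outside traffic
is admitted only when it matches an entry in the state table.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

INSIDE, OUTSIDE = "lan", "wan"                          # assumed interface names
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed LAN prefix
UDP_TIMEOUT = 30.0                                      # assumed idle timeout (seconds)

FlowKey = Tuple[str, str, int, str, int]                # (proto, src, sport, dst, dport)


@dataclass(frozen=True)
class Packet:
    ts: float            # arrival time in seconds (constructed)
    iface: str           # interface the packet arrived on
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags; empty for UDP


@dataclass
class Session:
    state: str           # "SYN_SENT", "ESTABLISHED" or "UDP_VIRTUAL"
    last_seen: float


class StatefulFirewall:
    def __init__(self) -> None:
        self.table: Dict[FlowKey, Session] = {}

    @staticmethod
    def key(p: Packet, reverse: bool = False) -> FlowKey:
        if reverse:      # the key a reply to p would carry
            return (p.proto, p.dst, p.dport, p.src, p.sport)
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def expire(self, now: float) -> None:
        """Age out UDP virtual sessions that have been idle longer than UDP_TIMEOUT."""
        for k, s in list(self.table.items()):
            if s.state == "UDP_VIRTUAL" and now - s.last_seen > UDP_TIMEOUT:
                del self.table[k]

    def inspect(self, p: Packet) -> str:
        self.expire(p.ts)
        # Context check: an internal source address arriving on the outside interface.
        if p.iface == OUTSIDE and ipaddress.ip_address(p.src) in INTERNAL_NET:
            return "DROP spoofed-source"
        fwd, rev = self.key(p), self.key(p, reverse=True)
        if fwd in self.table:                 # continues a flow the inside opened
            self.table[fwd].last_seen = p.ts
            return "ACCEPT existing-session"
        if rev in self.table:                 # reply to a flow the inside opened
            s = self.table[rev]
            if s.state == "SYN_SENT":
                if not {"SYN", "ACK"} <= p.flags:
                    return "DROP out-of-state"   # reply must complete the handshake
                s.state = "ESTABLISHED"
            s.last_seen = p.ts
            return "ACCEPT reply"
        if p.iface != INSIDE:                 # no state: only the inside opens sessions
            return "DROP no-session"
        if p.proto == "tcp":
            if p.flags != frozenset({"SYN"}):
                return "DROP out-of-state"    # a new TCP flow must start with a bare SYN
            self.table[fwd] = Session("SYN_SENT", p.ts)
            return "ACCEPT new-tcp"
        if p.proto == "udp":
            self.table[fwd] = Session("UDP_VIRTUAL", p.ts)
            return "ACCEPT new-udp"
        return "DROP unknown-proto"


def run_demo() -> List[str]:
    """Replay a constructed packet trace and return the verdict for each packet."""
    fw = StatefulFirewall()
    SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    trace = [
        Packet(0.0, INSIDE, "tcp", "192.168.1.10", 40000, "198.51.100.80", 80, SYN),
        Packet(0.1, OUTSIDE, "tcp", "198.51.100.80", 80, "192.168.1.10", 40000, SYNACK),
        Packet(0.2, INSIDE, "tcp", "192.168.1.10", 40000, "198.51.100.80", 80, ACK),
        Packet(1.0, OUTSIDE, "tcp", "203.0.113.5", 4444, "192.168.1.10", 22, SYN),
        Packet(1.5, OUTSIDE, "tcp", "203.0.113.5", 4444, "192.168.1.10", 22, ACK),
        Packet(2.0, INSIDE, "udp", "192.168.1.10", 53000, "198.51.100.53", 53),
        Packet(2.1, OUTSIDE, "udp", "198.51.100.53", 53, "192.168.1.10", 53000),
        Packet(40.0, OUTSIDE, "udp", "198.51.100.53", 53, "192.168.1.10", 53000),
        Packet(41.0, OUTSIDE, "tcp", "192.168.1.20", 1234, "192.168.1.10", 80, SYN),
    ]
    return [fw.inspect(p) for p in trace]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The trace shows the points the text makes: the DNS reply at t=2.1 is admitted only because the inside host's earlier query created a virtual session, the same reply at t=40.0 is dropped once that session has aged out, the unsolicited SYN and bare ACK from outside are dropped for lack of any matching state, and a packet with an internal source address on the outside interface is rejected on interface context alone, before any state lookup.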