User guide

Check Point Stateful Inspection Technology
18 Check Point ZoneAlarm User Guide
Firewall Technology: Stateful Inspection Firewall

Action: A Stateful Inspection firewall examines the FTP application-layer data in an FTP session. When the client initiates a command session, the firewall extracts the port number from the request. The firewall then records both the client's and the server's IP addresses and port numbers in an FTP-data pending request list. When the client later attempts to initiate a data connection, the firewall compares the connection request's parameters (ports and IP addresses) to the information in the FTP-data pending request list to determine whether the connection attempt is legitimate.

Since the FTP-data pending request list is dynamic, the firewall can ensure that only the required FTP ports are opened. When the session is closed, the firewall immediately closes those ports, guaranteeing the FTP server's continued security.
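The pending-request list described above, as an added example written for this guide rather than ZoneAlarm's own code. The tracker reads the client's PORT command (active mode) or the server's 227 PASV reply (passive mode) on the control session, records the expected data-connection endpoints, and later admits a data connection only if it matches a recorded entry, which it then consumes. The check that the advertised address matches the endpoint that sent it, and the restriction to non-privileged ports, are sanity checks I have assumed here; the guide does not spell them out.

```python
"""Added example: a minimal FTP-aware stateful tracker (not ZoneAlarm's code).

It models the FTP-data pending request list: negotiation lines seen on the
control channel create an expectation for one data connection, and a new TCP
connection is admitted only if it matches an outstanding expectation.
"""
import re
from dataclasses import dataclass, field

# "PORT h1,h2,h3,h4,p1,p2" from the client (active mode)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" from the server (passive mode)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def _decode(h1, h2, h3, h4, p1, p2):
    """Turn the six comma-separated FTP fields into (ip, port)."""
    return f"{h1}.{h2}.{h3}.{h4}", int(p1) * 256 + int(p2)


@dataclass
class FtpStateTracker:
    # key: (client_ip, server_ip) of the control session
    # value: list of expected data connections as (src_ip, dst_ip, dst_port)
    pending: dict = field(default_factory=dict)

    def observe_control(self, client_ip, server_ip, line, from_client):
        """Inspect one control-channel line and record any expected data connection.

        Returns True if an expectation was recorded, False if the negotiation
        line was rejected, None if the line is not a data-channel negotiation.
        """
        key = (client_ip, server_ip)
        m = PORT_RE.match(line) if from_client else PASV_RE.match(line)
        if not m:
            return None
        ip, port = _decode(*m.groups())
        if from_client:
            # Assumed check: the client may only ask for a connection to itself,
            # on a non-privileged port. Active mode: server connects to client.
            if ip != client_ip or not 1024 <= port <= 65535:
                return False
            self.pending.setdefault(key, []).append((server_ip, client_ip, port))
        else:
            # Passive mode: client connects to the port the server announced.
            if ip != server_ip or not 1024 <= port <= 65535:
                return False
            self.pending.setdefault(key, []).append((client_ip, server_ip, port))
        return True

    def allow_data_connection(self, src_ip, dst_ip, dst_port):
        """Admit a new TCP connection only if it matches a pending entry; consume it."""
        for entries in self.pending.values():
            if (src_ip, dst_ip, dst_port) in entries:
                entries.remove((src_ip, dst_ip, dst_port))
                return True
        return False

    def close_session(self, client_ip, server_ip):
        """When the control session ends, drop every outstanding expectation."""
        self.pending.pop((client_ip, server_ip), None)


if __name__ == "__main__":
    # Constructed sample session: client 10.0.0.5, server 192.0.2.10
    t = FtpStateTracker()
    t.observe_control("10.0.0.5", "192.0.2.10", "PORT 10,0,0,5,7,208", True)
    print(t.allow_data_connection("192.0.2.10", "10.0.0.5", 2000))  # True
    print(t.allow_data_connection("192.0.2.10", "10.0.0.5", 2000))  # False, consumed
```

Each expectation is single-use and disappears when the control session closes, which is what keeps the opened port set as small as the guide describes.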
What Other Stateful Inspection Firewalls Cannot Do
The level of security that a stateful firewall provides is determined by the richness of the data tracked and how thoroughly that data is analyzed. Treating traffic statefully requires application awareness. Firewalls without application awareness must open a range of ports for certain applications, which leads to exploitable holes in the firewall and violates security “best practices”.
TCP packet reassembly on all services and applications is a fundamental requirement for any Stateful Inspection firewall. Without this capability, fragmented packets of legitimate connections may be dropped, or those carrying network attacks may be allowed to enter a network. The implications in either case are potentially severe. When a truly stateful firewall receives fragmented packets, the packets are reassembled into their original form. The entire stream of data is analyzed for conformity to protocol definition and for packet-payload validity.
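The reassemble-then-inspect rule above, as an added example that is not ZoneAlarm's code. A toy IP-style reassembler collects fragments (offset in 8-byte units, more-fragments flag, payload) and releases nothing for inspection until the whole datagram is present; only then is the complete payload checked against a protocol definition, here a simple FTP command-line grammar, so a command split across two fragments is judged as a whole. Dropping a datagram whose fragments overlap or disagree about its length is a policy choice of this example, not something the guide states.

```python
"""Added example: toy fragment reassembly followed by whole-datagram inspection.

Not ZoneAlarm's code. Fragment offsets are in 8-byte units as in the IPv4
header; non-final fragments must therefore carry a multiple of 8 bytes.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    ident: int     # datagram identifier shared by all fragments of one datagram
    offset: int    # position of this fragment in 8-byte units
    more: bool     # more-fragments flag; False marks the final fragment
    payload: bytes


class Reassembler:
    def __init__(self):
        # ident -> {"chunks": {byte_offset: payload}, "total": final length or None}
        self._buf = {}

    def add(self, frag):
        """Store a fragment; return the complete datagram once all bytes are present.

        Returns None while the datagram is still incomplete. Raises ValueError on
        overlapping, conflicting or malformed fragments (assumed drop policy).
        """
        if frag.more and len(frag.payload) % 8:
            raise ValueError("non-final fragment length is not a multiple of 8")
        entry = self._buf.setdefault(frag.ident, {"chunks": {}, "total": None})
        start, end = frag.offset * 8, frag.offset * 8 + len(frag.payload)
        for off, data in entry["chunks"].items():
            if start < off + len(data) and off < end:   # byte ranges intersect
                if off == start and data == frag.payload:
                    return None                         # exact retransmit: ignore
                self._buf.pop(frag.ident)
                raise ValueError(f"overlapping fragments for datagram {frag.ident}")
        entry["chunks"][start] = frag.payload
        if not frag.more:
            if entry["total"] is not None and entry["total"] != end:
                self._buf.pop(frag.ident)
                raise ValueError(f"conflicting length for datagram {frag.ident}")
            entry["total"] = end
        return self._complete(frag.ident, entry)

    def _complete(self, ident, entry):
        """Return the datagram if the chunks cover [0, total) without gaps."""
        if entry["total"] is None:
            return None
        pos, out = 0, bytearray()
        for off in sorted(entry["chunks"]):
            if off != pos:
                return None                             # hole before this chunk
            out += entry["chunks"][off]
            pos = off + len(entry["chunks"][off])
        if pos != entry["total"]:
            return None
        self._buf.pop(ident)
        return bytes(out)


# Protocol definition used for the conformity check: one FTP command line,
# a 3-4 letter verb, optional printable-ASCII argument, CRLF terminator.
FTP_CMD_RE = re.compile(rb"^[A-Za-z]{3,4}( [\x20-\x7e]*)?\r\n$")


def ftp_conformant(datagram):
    return FTP_CMD_RE.match(datagram) is not None


def process(reassembler, frag, conformant=ftp_conformant):
    """Firewall decision for one fragment: PENDING, ALLOW or DROP."""
    try:
        datagram = reassembler.add(frag)
    except ValueError:
        return "DROP"
    if datagram is None:
        return "PENDING"
    return "ALLOW" if conformant(datagram) else "DROP"


if __name__ == "__main__":
    # Constructed sample: "PORT 10,0,0,5,7,208\r\n" split into a 16-byte and a 5-byte fragment
    r = Reassembler()
    print(process(r, Fragment(1, 2, False, b"208\r\n")))            # PENDING
    print(process(r, Fragment(1, 0, True, b"PORT 10,0,0,5,7,")))    # ALLOW
```

Inspecting the first fragment on its own would see an incomplete line with no terminator and could neither accept nor reject it correctly; the decision is only sound once the full datagram is in hand.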
True Stateful Inspection means tracking the state and context of all communications. This requires a detailed level of application awareness. The ZoneAlarm router provides true Stateful Inspection.