Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure it is valid. A stateful firewall may, for example, examine not just the header information but also the contents of the packet up through the application layer, in order to determine more about the packet than just its source and destination. A stateful inspection firewall also monitors the state of each connection and compiles that information in a state table. Because of this, filtering decisions are based not only on administrator-defined rules (as in static packet filtering) but also on the context established by prior packets that have passed through the firewall.
As an added security measure against port scanning, stateful inspection firewalls keep ports closed until a connection to the specific port is requested.
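The difference between the two filtering models, as an added example that is not part of the original entry: a header-only filter and a minimal state-table filter judge the same constructed TCP traffic. The packet model, the addresses, the allowed-port policy and the simplified teardown are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet model; direction is relative to the protected network.
Packet = namedtuple("Packet", "direction src sport dst dport flags")
ALLOWED_OUT_PORTS = {80, 443}  # assumed administrator-defined rule

def static_filter(p):
    """Header-only decision: each packet is judged in isolation."""
    if p.direction == "out":
        return p.dport in ALLOWED_OUT_PORTS
    return "ACK" in p.flags and p.sport in ALLOWED_OUT_PORTS  # "looks like a reply"

class StatefulFilter:
    def __init__(self):
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def check(self, p):
        out = p.direction == "out"
        key = (p.src, p.sport, p.dst, p.dport) if out else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            # No context yet: only a rule-permitted outbound SYN may create an entry.
            if out and p.flags == {"SYN"} and p.dport in ALLOWED_OUT_PORTS:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if p.flags & {"FIN", "RST"}:
            del self.table[key]  # simplified teardown: entry removed at once
        elif state == "SYN_SENT" and not out:
            if p.flags != {"SYN", "ACK"}:
                return False  # reply does not fit the handshake
            self.table[key] = "ESTABLISHED"
        return True

def demo():
    c, s = ("10.0.0.5", 40000), ("203.0.113.10", 443)  # constructed addresses
    f = frozenset
    traffic = [
        Packet("out", *c, *s, f({"SYN"})),
        Packet("in", *s, *c, f({"SYN", "ACK"})),
        Packet("out", *c, *s, f({"ACK"})),
        Packet("in", "198.51.100.7", 443, "10.0.0.5", 40001, f({"ACK"})),  # unsolicited
        Packet("in", *s, *c, f({"FIN", "ACK"})),
        Packet("in", *s, *c, f({"ACK"})),  # arrives after teardown
    ]
    fw = StatefulFilter()
    return [(static_filter(p), fw.check(p)) for p in traffic]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Each row is (static decision, stateful decision); the two filters disagree only on the unsolicited ACK and on the packet that arrives after the connection entry has been removed.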
Check Point Software is credited with coining the term stateful inspection for its FireWall-1 product in 1993.