Stateful Firewall/Stateless Firewall/Stateful Packet Inspection
This knowledge base posted by MiniTool focuses on stateful firewalls and talks about the meaning of stateless firewall, stateful packet inspection, and stateful packet filtering. It also compares the differences between stateful and stateless firewalls.
What Is a Stateful Firewall?
Stateful Firewall Definition
In the computer field, a stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it.
A stateful firewall keeps tracking the state of network connections like TCP streams, UDP datagrams, and ICMP messages. It can also apply labels such as Established, Listen, and Closing.
State table entries are created for UDP datagrams or TCP streams that are allowed to communicate via the firewall according to the configured security policy. Once in the table, all related packets of a saved session are streamlined allowed, taking fewer CPU cycles than a standard inspection.
Related packets can also return through the firewall even if no rule is configured to allow communications from that host. Within a specific time, if there is no traffic, the connection is removed from the state table. Yet, keepalive messages can be sent periodically by apps to prevent a firewall from cutting down the connection during idle time; this is useful for programs that have long periods of silence by design.
Stateful vs Stateless Firewall
What Is a Stateless Firewall?
A stateless firewall uses clues from the destination address, source, and other key values to assess whether threats are present or not. Then, it blocks or restricts those untrusted. As one of the earlier iterations of firewalls, stateless firewalls do not look beyond the header of packet contents to decide whether traffic is authorized or not.
Difference Between Stateful and Stateless Firewall
Both stateful and stateless firewalls have their advantages and disadvantages respectively. Here are the lists.
Advantages of Stateful Firewall
- Good at detecting unauthorized attempts and forged messages.
- Support robust attack prevention and extensive logging capabilities.
- Base future filtering decisions on the cumulative sum of past and present findings.
- Keep network connections’ key attributes.
- No need for many open ports for proper connections.
Advantages of Stateless Firewall
- Deliver fast performance.
- Perform well under pressure.
- Cheaper than the stateful firewall.
Disadvantages of Stateful Firewall
- Vulnerabilities allow hackers to control the firewall.
- Main-in-the-middle attacks may pose greater vulnerabilities.
- Some stateful firewalls can be cheated to allow outside connections.
Disadvantages of Stateless Firewall
- Not inspect traffic.
- Not examine the whole packet.
- Need some configuration to reach a suitable level of protection.
What Is Stateful Packet Inspection?
Deep Packet Inspection (DPI) or packet sniffing is a kind of data processing that inspects in detail the data being sent over a network and may take actions like alerting, blocking, rerouting, or logging it accordingly.
There are multiple IP headers for IP packets. Network equipment only needs the first IP headers for normal operation. Yet, the usage of the second header is normally regarded as stateful packet inspection, also known as shallow packet inspection. Stateful packet inspection is a security feature often used in non-commercial and business networks.
What Is Stateful Packet Filtering?
Stateful packet filtering, also known as dynamic packet filtering, is another name for stateful packet inspection. Therefore, it is a security feature often used in non-commercial and business networks. The stateful packet filter is used to enable advanced network management, Internet data mining, Internet censorship, eavesdropping, security functions, and user service.
In some countries, stateful packet filtering is used by Internet Service Providers (ISPs) to secure public networks for customers including China.