What is Stateful Inspection?
Stateful inspection, also referred to as dynamic packet filtering, is a type of firewall technology that monitors the state of active connections and uses this information to determine which network packets to permit through the firewall. Stateful inspection is generally used in place of stateless inspection, or static packet filtering, and is well suited to Transmission Control Protocol (TCP) and similar protocols, although it can also support protocols like User Datagram Protocol (UDP).
Stateful inspection is a kind of network firewall technology that filters data packets based on state and context. Check Point Software Technologies (CPST) developed the technique in the early 1990s to overcome the limitations of stateless inspection. Since then, stateful inspection has emerged as an industry standard and is now one of the most common firewall technologies in use today.
Working of Stateful Inspection
Stateful inspection monitors communications packets over a period of time and examines both incoming and outgoing packets. The firewall tracks outgoing packets that request specific types of incoming packets and allows incoming packets to pass as long as they constitute a correct response. A stateful firewall monitors all sessions and verifies all packets, although the method it uses can vary depending on the firewall technology and the communication protocol being used.
For example, when the protocol is TCP, the firewall captures a packet's state and context information and compares it to the existing session data. If a matching entry already exists, the packet is allowed to pass through the firewall. If no match is found, the packet must undergo certain policy checks. At that point, if the packet meets the policy requirements, the firewall assumes that it is for a new connection and stores the session data in the appropriate tables. It then permits the packet to pass. If the packet does not match the policy conditions, the packet is rejected.
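The TCP decision flow described above, as an added example that is not taken from any firewall product. The class and function names, the internal range 10.0.0.0/8, the allowed ports, and the sample packets are all constructed assumptions; FIN teardown and idle timeouts are left out.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range
ALLOWED_DPORTS = {80, 443}                   # constructed outbound policy

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})

class StatefulFilter:
    def __init__(self):
        self.sessions = {}  # session key -> "NEW" or "ESTABLISHED"

    @staticmethod
    def _key(pkt):
        # Direction-independent key, so a reply matches the entry
        # created by the outgoing request.
        return frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})

    @staticmethod
    def _policy_allows(pkt):
        # Only a bare SYN from an inside host to an allowed port
        # may start a new connection.
        return (pkt.flags == {"SYN"}
                and ipaddress.ip_address(pkt.src) in INSIDE
                and pkt.dport in ALLOWED_DPORTS)

    def inspect(self, pkt):
        key = self._key(pkt)
        if key in self.sessions:             # matching entry: allow
            if "RST" in pkt.flags:
                del self.sessions[key]       # reset ends the session
            else:
                self.sessions[key] = "ESTABLISHED"
            return "ALLOW"
        if self._policy_allows(pkt):         # no match: policy check
            self.sessions[key] = "NEW"       # store session data
            return "ALLOW"
        return "REJECT"                      # fails policy: reject

if __name__ == "__main__":
    fw = StatefulFilter()
    out_syn = Packet("10.1.2.3", 50000, "203.0.113.10", 443, frozenset({"SYN"}))
    reply = Packet("203.0.113.10", 443, "10.1.2.3", 50000, frozenset({"SYN", "ACK"}))
    print(fw.inspect(reply), fw.inspect(out_syn), fw.inspect(reply))
```

The same SYN/ACK is rejected before the outgoing SYN creates a session entry and allowed afterwards, which is the behaviour a static packet filter cannot express without opening the port range.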
Advantages of Stateful Inspection
- Stateful inspection firewalls are aware of the state of a connection.
- Stateful inspection firewalls do not have to open up a large range of ports to allow communication.
- Stateful inspection firewalls prevent more kinds of DoS attacks than packet-filtering firewalls and have more robust logging.
- A stateful inspection firewall can detect when illicit data is being used to infiltrate the network.
- A stateful inspection firewall can also log and store important aspects of network connections.
- Stateful firewalls do not need many ports to be open to facilitate smooth communication.
Disadvantages of Stateful Inspection
- They can be complex to configure.
- They cannot prevent application-layer attacks.
- Stateful inspection firewalls do not perform user authentication of connections.
- Not all protocols contain state information.
- Some applications open numerous connections, and some of them use dynamic port numbers for the auxiliary connections.
- Additional overhead is involved in maintaining a state table.