|
Security Basics
statefull inspection FW and hackers Aug 20 2008 05:04AM Juan B (juanbabi yahoo com) (4 replies) RE: statefull inspection FW and hackers Aug 20 2008 05:15PM David Gillett (gillettdavid fhda edu) (1 replies) Re: statefull inspection FW and hackers Aug 20 2008 10:07PM Andrea Gatta (andrea gatta gmail com) (1 replies) Re: statefull inspection FW and hackers Aug 22 2008 04:53PM ॠaditya mukadam ॠ(aditya mukadam gmail com) |
|
 Privacy Statement |
a stateful inspection firewall can greatly improve the security of
your perimeter even in case of a port scan. Think about the following
scenario: an attacker is trying to "fly under the radar" using common
scanning techniques, let's say using a FYN scan. In that case a static
packet filter will not see and - most important - LOG such activity.
So you won't be aware a reconnaissance is taking place.
On the other hand, a stateful inspection firewall - and I mean with
that expression a device that has the concept of 'session' and at the
same time is capable to work both on the header and the payload -
might help preventing attacks even on open and exposed applications.
An example of that is an IPS which is nothing more than a stateful
inspection firewall which uses signatures to patter match stuff
happening on the wire.
Another thing I have learned is that what stateful really means can
change from vendor to vendor. So one good point would be to clearly
understand if we are talking about stateful packet filtering and/or
stateful inspection. They are not clearly the same thing.
Hope that helps.
Andrea
On Wed, Aug 20, 2008 at 7:04 AM, Juan B <juanbabi (at) yahoo (dot) com [email concealed]> wrote:
>
>
> Hi,
>
> Can someone please explain why statefull inspection Fw helps against hackers? I know that those FW keep track of the sessions but I dont understand how the feature might help against a port scan from the internet or other ways to mitigate hackers attacks.
>
> Thanks
>
> Juan
>
>
>
>
>
>
>
>
[ reply ]