What is Stateful Packet Inspection?
Stateful packet inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid. With older firewall technologies such as packet filters, it is possible to ‘spoof’ an incoming session, which might not have actually originated as a result of a request from inside the firewall. In addition to the source and destination IP addresses therefore, BizGuardian refers to its own records to confirm that the traffic ‘state’ is valid. For extra security BizGuardian closes ports until a specific connection is requested. This further reduces the likelihood of an open port being scanned by an outside hacker.
Stateful inspection firewalls determine whether packets can get through the firewall based on the protocol, port, and source and destination addresses. For every request that is allowed by the strategy, stateful inspection firewalls open up a limited time window to allow response packets, but ONLY from the same host. Also, by maintaining information about previous packets, stateful inspection firewalls can quickly verify that packets meet the criteria for authorized traffic. This makes stateful inspection firewalls inherently fast.
