The stateful packet inspection religious debate

Bill Clark bill at billclark.net
Thu Nov 8 16:51:22 CST 2001


Stateful packet filtering is an enhancement to dynamic packet filtering.
This technology tries to make sense out of higher-level protocols and adapt
filtering rules to accommodate protocol-specific needs. The stateful packet
filter keeps track of state and context information about a session. This
technology can be applied to the UDP protocol as well, setting up a virtual
session, giving the illusion of security where no security exists.

Some people contend that stateful packet filtering is safer and faster than
application gateways (static filtering).  In my experience and nearly
everyone in the industry the evidence shows that stateful packet inspection
is faster than application gateways.

However, many believe that stateful packet filtering is less secure and even
worse gives a false sense of security.  Unless you work for Checkpoint or
have been brainwashed by Checkpoint.  I have my CCSE and CCSA from
Checkpoint so I was brainwashed too at one time.  Truthfully either one of
these technologies is going to protect or slow down the majority of attacks.
There is no way to prevent someone from denying you service or from breaking
into your network.  Your only hope is to detect the event and respond before
too much damage is done.  A firewall merely slows an attacker down.

Bill

bill at billclark.net
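As an added illustration of the post's first paragraph (example code, not part of the original message or of any vendor's product), the toy filter below tracks 5-tuple state for traffic leaving an assumed inside prefix of 10.0.0. and admits inbound traffic only when it matches an entry; for UDP the "session" is nothing more than an entry that ages out after a constructed 30-second timeout.

```python
from dataclasses import dataclass

UDP_TIMEOUT = 30.0  # seconds a UDP pseudo-session stays open without traffic (assumed value)


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ts: float       # arrival time in seconds


class StatefulFilter:
    """Minimal stateful filter: outbound traffic from the inside prefix creates
    a 5-tuple state entry; inbound traffic passes only if it matches one."""

    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix
        self.table = {}  # (proto, in_ip, in_port, out_ip, out_port) -> last seen ts

    def _inside(self, ip):
        return ip.startswith(self.inside_prefix)

    def _key(self, p):
        # Normalise the 5-tuple so a reply maps to the same key as the request.
        if self._inside(p.src):
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def allow(self, p):
        key = self._key(p)
        if self._inside(p.src):
            # Outbound packets always pass and open (or refresh) a state entry.
            self.table[key] = p.ts
            return True
        last = self.table.get(key)
        if last is None:
            return False  # unsolicited inbound traffic: no state, dropped
        if p.proto == "udp" and p.ts - last > UDP_TIMEOUT:
            del self.table[key]  # UDP has no real session; the entry simply ages out
            return False
        # Any outside packet matching the 5-tuple passes: the filter cannot tell a
        # genuine reply from any other datagram arriving inside the timeout window.
        self.table[key] = p.ts
        return True
```

Run against a constructed DNS exchange, the filter admits the reply, drops datagrams from a different port or host, and drops the reply once the entry has aged out.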




More information about the Kclug mailing list