What Does a Stateful Firewall Maintain?
A stateful firewall maintains a record of the network connections currently passing through it and the state each one is in. This record is commonly called the state table. Each entry typically holds the source and destination IP addresses and ports, the protocol, the connection's state (for TCP, whether the handshake is in progress, complete, or being torn down) and the time the entry was last updated. The firewall uses the table to decide whether a packet belongs to a conversation it has already approved.
The state table tracks individual conversations, or sessions, between hosts on the network. A packet that belongs to a tracked session is allowed through without re-evaluating the rule base; a packet that belongs to no tracked session is treated as an attempt to open a new connection and is checked against the firewall's rules. When a connection closes (for TCP, after a FIN exchange or an RST) its entry is removed, and later packets claiming to belong to it are denied. An empty state table does not mean that all traffic is permitted: with no sessions to match, every packet is a new-connection attempt and is allowed only if a rule explicitly permits it.
Dynamic List of Addresses
A stateful firewall also maintains an active connection table, sometimes called a dynamic list of addresses, for each interface it manages. The active connection table records recently observed source addresses together with a timestamp for each entry. The timestamp is what lets the firewall enforce timeouts: if the destination host does not answer a request within the configured interval, or a session goes idle for too long, the entry is aged out and later packets for it are no longer treated as part of an open connection.
Each entry also carries the host's IP address, port number and protocol, which identifies the specific service a remote computer is requesting. The active connection table is used together with the state table.
When a packet arrives at an interface, the firewall checks it against both tables; a match with an existing entry in either one means the packet belongs to a tracked connection and is handled according to that connection's state. Stateful firewalls therefore need considerably more memory than stateless packet filters, because they must hold a state table and an active connection table for every managed interface.
When too many concurrent sessions are tracked at once, memory use climbs and throughput degrades, which is also why state-table entries have to be sized, limited and timed out carefully.
What is Stateful Inspection?
The term stateful means that connections are tracked, and that each packet is allowed or denied according to the current state of the connection it belongs to. A stateful firewall keeps all of its current connections in a table, commonly called a state table. The table lists the open connections; an entry is removed (or, for TCP, held briefly in a closing state) once the connection ends, so a closed connection cannot be used to admit later packets.
Alongside the connection state, each entry records the source and destination IP addresses and ports. The table is consulted for every packet arriving at an interface: if the packet matches a current connection it is handled according to that connection's state, and only if it matches nothing is the rule base evaluated.
Traffic Match-up Filtering
Stateful inspection is the process of comparing all incoming and outgoing traffic against the existing connections in the state table. Traffic that matches an existing connection, in either direction, is permitted without being re-checked against the rule base. Traffic that matches no connection is not automatically denied: it is treated as an attempt to open a new connection and is evaluated against the firewall's rules. If a rule permits it, a new entry is created and the reply traffic is allowed back; if no rule permits it, it is dropped. For TCP, a packet that matches no connection is only a valid connection attempt if it is a SYN; a bare ACK, FIN or data segment with no tracked session is discarded outright.
Because only the first packet of each connection needs full rule evaluation, stateful firewalls spend little work per packet on established flows. A packet that spoofs the addresses of a tracked session must also match its ports and, in most implementations, fall inside the expected TCP sequence window, which makes injecting into or replaying someone else's session much harder than it is against a stateless filter.
The state table is itself a resource, however: a flood of spoofed SYN packets creates a half-open entry for each one, and once the table is full legitimate connections are refused. Practical protection against denial of service therefore depends on short timeouts for half-open connections, per-source connection limits and SYN cookies or SYN proxying, not on state tracking alone.
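As an added example (not code from the original article), here is a small Python model of the state table and the inspection logic described above. It covers both the match-first behaviour of stateful inspection (existing connections pass in either direction, everything else goes to the rule base, and a TCP packet with no tracked session must be a SYN) and the timeout and capacity behaviour discussed under the active connection table, including what a SYN flood does to a full table. The `StatefulFirewall` class, its rule format, the state names and the timeout values are assumptions chosen for illustration; the packets in the two demo functions are constructed, using documentation address ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()   # TCP control flags present on this packet


class StatefulFirewall:
    """Toy stateful packet filter (illustrative, not a real implementation).

    `rules` is a list of (dst_ip_or_'*', dport, proto) triples describing which
    NEW connections may be opened. Packets of a tracked connection, in either
    direction, are matched against the state table and never see the rule base.
    """

    def __init__(self, rules, max_entries=1000, handshake_timeout=30.0, idle_timeout=300.0):
        self.rules = rules
        self.max_entries = max_entries
        self.handshake_timeout = handshake_timeout   # how long a half-open entry may live
        self.idle_timeout = idle_timeout             # how long an established entry may idle
        self.table = {}   # 5-tuple -> {"state": str, "last_seen": float}

    @staticmethod
    def _key(p):
        return (p.src, p.sport, p.dst, p.dport, p.proto)

    @staticmethod
    def _reverse(p):
        return (p.dst, p.dport, p.src, p.sport, p.proto)

    def expire(self, now):
        """Age out entries whose timestamp is older than the timeout for their state."""
        for key, e in list(self.table.items()):
            limit = self.handshake_timeout if e["state"] == "SYN_SENT" else self.idle_timeout
            if now - e["last_seen"] > limit:
                del self.table[key]

    def _rule_allows(self, p):
        return any((ip == "*" or ip == p.dst) and port == p.dport and proto == p.proto
                   for ip, port, proto in self.rules)

    def process(self, p, now=0.0):
        """Return (verdict, reason) for one packet and update the state table."""
        self.expire(now)
        fwd, rev = self._key(p), self._reverse(p)
        if fwd in self.table or rev in self.table:
            key = fwd if fwd in self.table else rev        # rev == reply direction
            e = self.table[key]
            e["last_seen"] = now
            if "RST" in p.flags:
                del self.table[key]                         # abortive close: entry gone
                return "ALLOW", "rst closes connection"
            if "FIN" in p.flags:
                e["state"] = "CLOSING"
            elif key == rev and e["state"] == "SYN_SENT" and {"SYN", "ACK"} <= p.flags:
                e["state"] = "ESTABLISHED"                  # SYN-ACK completes the handshake
            return "ALLOW", f"matches state table ({e['state']})"
        # No tracked connection: this is a new-connection attempt, so consult the rules.
        if p.proto == "tcp" and p.flags != frozenset({"SYN"}):
            return "DROP", "tcp packet without a tracked connection must be a SYN"
        if not self._rule_allows(p):
            return "DROP", "no rule permits new connection"
        if len(self.table) >= self.max_entries:
            return "DROP", "state table full"
        self.table[fwd] = {"state": "SYN_SENT" if p.proto == "tcp" else "OPEN", "last_seen": now}
        return "ALLOW", "new connection opened by rule"


SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})


def demo_handshake():
    """Constructed flow: an internal client opens HTTPS outbound, then outsiders probe."""
    fw = StatefulFirewall(rules=[("*", 443, "tcp"), ("10.0.0.5", 80, "tcp")])
    verdicts = [
        fw.process(Packet("10.0.0.5", 51000, "203.0.113.10", 443, flags=SYN), now=0)[0],
        fw.process(Packet("203.0.113.10", 443, "10.0.0.5", 51000, flags=SYNACK), now=1)[0],
        fw.process(Packet("10.0.0.5", 51000, "203.0.113.10", 443, flags=ACK), now=2)[0],
        # Stray ACK from an unknown host pretending to be mid-session: nothing in the table.
        fw.process(Packet("198.51.100.7", 443, "10.0.0.5", 51000, flags=ACK), now=3)[0],
        # SYN to a port no rule permits.
        fw.process(Packet("198.51.100.7", 4444, "10.0.0.5", 22, flags=SYN), now=4)[0],
    ]
    return verdicts


def demo_syn_flood():
    """Constructed SYN flood against a deliberately tiny table (max 3 entries)."""
    fw = StatefulFirewall(rules=[("10.0.0.5", 80, "tcp")], max_entries=3, handshake_timeout=30.0)
    for i in range(3):   # spoofed sources that never answer the SYN-ACK
        fw.process(Packet(f"198.51.100.{i + 1}", 40000 + i, "10.0.0.5", 80, flags=SYN), now=float(i))
    blocked = fw.process(Packet("192.0.2.9", 5555, "10.0.0.5", 80, flags=SYN), now=3.0)
    # After handshake_timeout the half-open entries expire and the real client gets in.
    recovered = fw.process(Packet("192.0.2.9", 5555, "10.0.0.5", 80, flags=SYN), now=40.0)
    return blocked[1], recovered[1]
```

`demo_handshake()` returns `['ALLOW', 'ALLOW', 'ALLOW', 'DROP', 'DROP']`: the SYN-ACK reply is admitted purely because the outbound SYN created a state-table entry, while the stray ACK and the SYN to port 22 have no entry and no rule. `demo_syn_flood()` shows the other side of the design: three spoofed SYNs fill the table and the legitimate client is refused with "state table full" until the half-open entries time out.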