Security Basics: Re: statefull inspection FW and hackers

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: statefull inspection FW and hackers

From: aditya.mukadam () gmail com
Date: 25 Aug 2008 03:01:24 -0000

my take on SPI:

Stateful inspection can be best understood with security zones/level.

By default, most of the firewall dont allow anything to come from low security zone to high (ie lets say from internet 
to internal resources). This would mean that if internal user accesses internet his response will be blocked. This is 
not desirable because we donot want to keep on opening hole from internet to internal host on the
firewall. We need some mechanism to allow this response/reply back to the internal user.SPI helps us to achieve it !

As mentioned in the thread and also to keep it simple, SPI maintains a state table of requests and opens the incoming 
requests for that
connection  !Rest all the requests from low security zone to high are denied (if not explicitly allowed)

Thanks,
Aditya Govind Mukadam

By Date By Thread

Current thread:

RE: statefull inspection FW and hackers, (continued)
- RE: statefull inspection FW and hackers David Gillett (Aug 20)
  - Re: statefull inspection FW and hackers Andrea Gatta (Aug 21)
    - Re: statefull inspection FW and hackers ॐ aditya mukadam ॐ (Aug 25)
- Re: statefull inspection FW and hackers Andrea Gatta (Aug 20)
  - Re: statefull inspection FW and hackers Adriel Desautels (Aug 20)
- Re: statefull inspection FW and hackers aditya . mukadam (Aug 25)