For example, when a stateful firewall sees a SYN packet, it keeps track of that TCP connection expecting to see the corresponding SYN+ACK and ACK packets. We then moved on to Stateful filtering (or Stateful Packet Inspection) which basically keeps track of the state of connections. Access Control Lists), it doesn’t scale well for current security needs. While this technique still has its place in today’s network (i.e. In this technique, every packet (irrespective of whether that packet is standalone or part of a traffic flow) is checked against the filtering rules. Initially, we had Static/Stateless filtering where traffic is checked against rules that match on source/destination IP addresses/ports. Deep Packet Inspection (DPI)Īs mentioned in the introduction above, the state of firewall/filtering techniques has evolved over the years. We will also briefly consider how DPI is different from packet capture/protocol analysis. In this article, we will ignore the fluff and buzzwords and take a look at Deep Packet Inspection (DPI) for what it really is, how it does what it does, why organizations use it, some of the challenges it faces, and some of the tools that can be used to perform DPI. what is NGFW? Is it just another name for Unified Threat Management?). static filtering simply checks IP and maybe TCP headers to make filtering decisions), some of them are marketing buzzwords and are still developing (e.g. While the usage of some of these terms has become fairly standard (e.g.
When it comes to firewalls or filtering techniques, you hear different terms like static filtering, stateful firewall, deep packet inspection, Next generation firewall (NGFW), and so on.
0 kommentar(er)
