The SPI firewall (Stateful Packet Inspection) avoids unauthorized access to a company network. Using an SPI firewall goes beyond looking at a stateless filter system that only contains the header of a packet and destination port for validation. Check the entire contents of the package before determining whether network access is allowed.
This higher level of control offers much more robust security and insightful information about network traffic than a stateless filter system.
Table of Contents
Weaknesses of the stateless package inspection
In a February 2002 article for Security Pro News, author Jay Fougera points out that stateless IP filters can efficiently route traffic. In addition, they cause low demand for computer resources and have serious network security vulnerabilities.
Stateless filters do not provide packet authentication and cannot schedule connections to be opened and closed in response to specific events. It also offers easy network access for hackers using IP spoofing. Incoming packets contain a spoofed IP address that the firewall identifies as coming from a trusted source.
How an SPI firewall regulates network access
An SPI firewall logs the IDs of all packets transmitted over your network. And when an incoming packet attempts to access the network. The firewall can determine if this is a response to a packet sent by your network or if it was not requested.
The SPI firewall uses an access control list, a database of reliable entities, and their network access rights. The SPI firewall can refer to the ACL when examining a packet to determine whether it is from a trusted source. And if so, where can it be routed in the network.
Respond to suspicious traffic
SPI firewall designs to drop all packets sent from the sources and not include them in the ACL. It prevents a denial of service attack in which an attacker floods the network with inbound traffic to block and free its resources.
He is unable to respond to legitimate requests. The Netgear website suggests comparing NAT, static content filtering, SPI, and firewalls in its security article. And these SPI firewalls can also examine packets for functions that use in known hacking attacks. B. DoS attacks and IP spoofing, and drop all packets identified as potentially malicious.
Thorough packaging inspection
Deep Packet Inspection offers advanced SPI functions and can examine the contents of packets in real-time. In contrast, looking for information such as the full text of an email.
Routers equipped with DPI can focus on traffic originating from specific locations or specific destinations. It can also be design to perform certain actions, for example. B. Registering or Deleting Packages. When the packets meet an origin or destination criterion. DPI-capable routers Design to examine specific types of data traffic such as VoIP or transmission media.
ALSO READ: Data Network – Definition and Uses