As the world we dwell in is digitally advanced where the Internet has sneaked into our lives in almost every aspect. It’s hard to imagine a day without the Internet or devices capable of interacting with it.
Although it has made our lives easier, the internet also welcomes tons of online threats that can harm an organization in a variety of ways. Hackers seek for security loopholes where they can inject viruses and other malicious intent to cost a business huge money and fame.
Tech giants like Google and Facebook have also suffered from such theft. A CNBC report cites that scammers took a creative turn to steal $100M+ from Google and Facebook from 2013-2015.
All thanks to modern advancements that firewalls have been introduced to protect against digital threats. They are designed to safeguard devices and valuable data by monitoring and controlling network traffic incoming and outgoing.
However, hackers and their threats are evolving as we speak. Therefore, firewalls need to be smarter as well to face new challenges.
Are all firewalls the same?
No, all firewalls are not built the same. They have come a long way since the 1980s, and you can hear about their different types, such as:
- Network firewalls
- Web Application Firewalls (WAF)
- Software-based
- Hardware-based
- Cloud-based
- Mobile firewall
In this article, I am going to discuss stateful and stateless firewalls that people find confusing about. Each one of them has some pros and cons and applicability, but both are indeed important for network protection.
So, let’s jump straight to know them!
What is a Stateful Firewall?
Stateful firewalls are capable of monitoring all aspects of network traffic, including their communication channels and characteristics. They are also referred to as dynamic pocket filters as they filter traffic packets based on the context and state.
Now, what do these context and state mean in the language of network connections?
- Context – it involves metadata of packets including ports and IP address belonging to the endpoint’s and destination, packet length, layer 3 information related to reassembly and fragmentation, flags, and numbers for TCP sequence of layer 4, and more.
- State – firewalls apply their policy based on the state of the connection. To understand the state, let’s take the example of TCP-based communication. In TCP, 4 bits control connection state – SYN, ACK, FIN, and RST.
When a connection initiates through a 3-way handshake, then the TCP indicates the SYN flag, which the firewall uses to indicate the arrival of a new connection. Next, the connection receives the flag SYN+ACK by the server. Until the client reverts with ACK, the connection does not establish.
Similarly, on seeing FIN+ACK or RST packet, the connection is marked for deletion right there along with for future packets.
#security #geekflare #stateless firewalls #firewalls
