What is the status inspection?

6 The method is also sometimes known as dynamic filtering and is able to check the entire data packet before entering the network. In this way, each packet entering any interface to the firewall gates is completely checked in terms of validity against types of connections that can pass to the other side. The process gets its name, because not only in data packet control, but also monitors the state of the connection that has been created and allowed via firewall.

The idea for the status inspection was first designed with the Check Point® software in the mid -90s. Before the ENGINE software for Point's® Firewall-1 inspecting, the Inspect ™ monitored the application layer at the top of the opening model of open systems (OSI). This tend to be very taxed on the computer processor, so the packet inspection moved the minors of the model to the third layer, the network layer. The timely packet inspection only checked the header, addressing and protocol information, and had no wayhow to distinguish the condition of the packet, such as whether it was a new connection requirement.

In the status inspection firewall, the filtering method of packet filtering for sources will combine somewhat with more detailed information about the application. This provides a certain packet context, providing more information from which a security decision can be established. To save all this information, the firewall must create a table that then defines the connection status. Details of each connection, including information about address, ports and protocols, as well as information about sequencing for packets, are then stored in the table. The only time when the sources are tense are the state of the state during the starting entry; Then each other packet coincides with this state, which uses almost no computing means.

The inspecting process of the inspection begins when the first packet requiring connection is captured and checked. The packet is compared withFirewall fork, where it is controlled against a number of possible authorization parameters, which are infinitely customizable to support previously unknown, or to be developed software, services and protocols. The captured packet initials Handshake and the firewall sends a response back to the requesting user who confirms the connection. Now that the table has been filled with information about the connection status, another packet from the client corresponds to the connection status. This continues to the connection, whether the connection is or is terminated and the table is erased for state information for this connection.

This brings one of the problems to face the status inspection of the firewall attack the rejection of the service. With this type of attack, security is not at risk, as well as firewall is bombarded with numerous initial packets requiring connections, forcing the state table to fulfill the requirements. Once the state table is full, it can no longer accept any requirements, so all other connection requirements are blocked. Another methodThe attack against the status firewall uses the firewall rules to block incoming traffic, but allows any outgoing operation. The attacker can deceive the host on the secure side of the firewall gate to ask for an exterior connection and effectively open any services on the host for the attacker to use.