
From "fuokista" <fuokista@libero.it>
Date Tue, 26 Aug 2003 13:15:31 +0200
Subject [hackmeeting] STATEFUL INSPECTION

Can anyone explain this "Stateful Inspection" to me in somewhat plainer terms???

Byez,
Fuok
..............................................................................................................................................
In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions for TCP/IP based services (e.g., whether to accept, reject, authenticate, encrypt and/or log communication attempts), a firewall must obtain, store, retrieve and manipulate information derived from all communication layers and from other applications.

It is not sufficient to examine packets in isolation.

State information—derived from past communications and other applications—is an essential factor in making the control decision for new communication attempts.
Depending upon the communication attempt, both the communication state (derived from past communications) and the application state (derived from other applications) may be critical in the control decision.

Thus, to ensure the highest level of security, a firewall must be capable of accessing, analyzing and utilizing the following:

• Communication Information:
  Information from all seven layers in the packet;

• Communication-derived State:
  The state derived from previous communications.
  For example, the outgoing PORT command of an
  FTP session could be saved so that an incoming
  FTP data connection can be verified against it;

• Application-derived State:
  The state information derived from other applications.
  For example, a previously authenticated
  user would be allowed access through the firewall
  for authorized services only;

• Information Manipulation:
  The ability to perform logical or arithmetic
  functions on data in any part of the packet;


Stateful Inspection, invented by Check Point Software Technologies, has emerged as the industry standard for enterprise-class network security solutions. 

Stateful Inspection is able to meet all the security requirements defined above while traditional firewall technologies, such as packet filters and application-layer gateways, each fall short in some areas.

With Stateful Inspection, packets are intercepted at the network layer for best performance (as in packet filters), but then data derived from all communication layers is accessed and analyzed for improved security (compared to layers 4–7 in application-layer gateways). 

Stateful Inspection then introduces a higher level of security by incorporating communication-and application-derived state and context information which is stored and updated dynamically.

This provides cumulative data against which subsequent communication attempts can be evaluated. It also delivers the ability to create virtual session information for tracking connectionless protocols (e.g. RPC and UDP-based applications), something no other firewall technology can accomplish.


_______________________________________________
hackmeeting mailing list
hackmeeting@kyuzz.org
http://lists.kyuzz.org/mailman/listinfo/hackmeeting
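The quoted text describes three things a stateful engine keeps beyond the packet in front of it: a table of flows that inside hosts have opened, state learned from an earlier packet (the FTP PORT command that announces where the server's data connection will arrive), and "virtual sessions" for connectionless UDP traffic. The following toy engine, added here as an illustration and not code from the mailing-list post or from Check Point's product, shows all three on a handful of constructed packets. The policy it enforces (hosts in 10.0.0.0/8 may initiate, outside hosts may only answer), the 30-second UDP session lifetime and the sample addresses are assumptions made for the demonstration.

```python
"""Toy stateful inspection engine (added example; assumptions marked below)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
import re

INSIDE = ip_network("10.0.0.0/8")   # assumed protected network
UDP_TIMEOUT = 30.0                   # assumed lifetime of a UDP "virtual session", seconds
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN without ACK, i.e. a new connection attempt
    payload: bytes = b""
    time: float = 0.0     # constructed timestamp in seconds


@dataclass
class StatefulFirewall:
    # established flows keyed by (proto, src, sport, dst, dport) -> last-seen time
    flows: dict = field(default_factory=dict)
    # inbound connections announced by an FTP PORT command, same 5-tuple key
    expected: set = field(default_factory=set)

    def _from_inside(self, pkt):
        return ip_address(pkt.src) in INSIDE

    def _learn_ftp_port(self, pkt):
        # Communication-derived state: remember the client's PORT command so the
        # server's later data connection (from port 20) can be verified against it.
        m = PORT_RE.search(pkt.payload)
        if m:
            h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
            self.expected.add(("tcp", pkt.dst, 20, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))

    def inspect(self, pkt):
        """Return 'accept' or 'reject' for one packet, updating the state tables."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

        # 1. The packet belongs to a flow already in the table (either direction).
        for k in (key, reverse):
            if k in self.flows:
                if pkt.proto == "udp" and pkt.time - self.flows[k] > UDP_TIMEOUT:
                    del self.flows[k]     # virtual session expired, treat as new
                    break
                self.flows[k] = pkt.time
                if pkt.proto == "tcp" and pkt.dport == 21 and k == key:
                    self._learn_ftp_port(pkt)   # outbound FTP control traffic
                return "accept"

        # 2. A new inbound connection that an earlier PORT command announced.
        if key in self.expected:
            self.expected.discard(key)
            self.flows[key] = pkt.time
            return "accept"

        # 3. A brand-new flow: only inside hosts may initiate, TCP must start with SYN.
        if self._from_inside(pkt) and (pkt.proto == "udp" or pkt.syn):
            self.flows[key] = pkt.time
            return "accept"

        return "reject"


def demo():
    """Run constructed packets through the engine; returns the list of decisions."""
    fw = StatefulFirewall()
    client, server, other = "10.1.2.3", "198.51.100.7", "203.0.113.9"
    results = []
    # Outbound HTTP connection and the server's reply: reply matches the stored flow.
    results.append(fw.inspect(Packet("tcp", client, 40001, server, 80, syn=True, time=1)))
    results.append(fw.inspect(Packet("tcp", server, 80, client, 40001, time=2)))
    # Unsolicited inbound SYN: no state matches it, so it is rejected.
    results.append(fw.inspect(Packet("tcp", other, 5555, client, 22, syn=True, time=3)))
    # Active-mode FTP: control connection, PORT 10,1,2,3,157,1 (port 157*256+1 = 40193),
    # then the server's data connection from port 20 to that port.
    fw.inspect(Packet("tcp", client, 40002, server, 21, syn=True, time=4))
    fw.inspect(Packet("tcp", client, 40002, server, 21, payload=b"PORT 10,1,2,3,157,1\r\n", time=5))
    results.append(fw.inspect(Packet("tcp", server, 20, client, 40193, syn=True, time=6)))
    # The same data-connection attempt from a host no PORT command mentioned.
    results.append(fw.inspect(Packet("tcp", other, 20, client, 40193, syn=True, time=7)))
    # UDP virtual session: DNS query, a timely answer, and an answer after the timeout.
    fw.inspect(Packet("udp", client, 53001, server, 53, time=10))
    results.append(fw.inspect(Packet("udp", server, 53, client, 53001, time=11)))
    results.append(fw.inspect(Packet("udp", server, 53, client, 53001, time=11 + UDP_TIMEOUT + 1)))
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the example is the contrast with a plain packet filter: a stateless rule set that allowed the server's reply on port 80 or the FTP data connection from port 20 would have to allow those packets from any source at any time, whereas here each inbound packet is accepted only because an earlier outbound packet created the state it matches, and UDP replies stop being accepted once the virtual session has aged out.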
