SPI Firewall Definition
An SPI (Stateful Packet Inspection) firewall prevents unauthorized access to a company's network. Where a stateless filtering system examines only a packet's header and destination port to decide whether to admit it, an SPI firewall inspects the entire packet before determining whether it is allowed into the network.
This higher level of control provides much more robust security and relevant information about network traffic than a stateless filtering system.
Weaknesses of Stateless Packet Inspection
In a February 2002 article for Security Pro News, author Jay Fougere points out that while stateless IP filters route traffic efficiently and place little demand on computing resources, they have serious security flaws.
Stateless filters do not authenticate packets, cannot be programmed to open and close connections in response to specific events, and give easy access to attackers who use IP spoofing, in which incoming packets carry a forged source IP address that the firewall identifies as coming from a trusted source.
How an SPI Firewall Regulates Network Access
An SPI firewall records the identifiers of all packets transmitted by your network. When an incoming packet tries to enter the network, the firewall can determine whether it is a response to a packet sent from your network or whether it is unsolicited.
An SPI firewall also uses an access control list (ACL), a database of trusted entities and their network access privileges. The firewall consults the ACL when examining a packet to determine whether it comes from a trusted source and, if so, where it may be routed within the network.
Responding to Suspicious Traffic
The SPI firewall can be programmed to drop any packet from a source not included in the ACL. This helps prevent a denial of service (DoS) attack, in which an attacker floods the network with incoming traffic to exhaust its resources and leave it unable to respond to legitimate requests.
The Netgear website, in its article "Security: comparing NAT, static content filtering, SPI, and firewalls", points out that SPI firewalls can also examine packets for features used in known attacks, such as DoS attacks and IP spoofing, and drop any packet they recognize as potentially malicious.
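The two mechanisms described above (the connection table that tells solicited replies from unsolicited packets, and the ACL that admits trusted sources) can be shown in a small simulation. The code below is an added example, not from the original article or from any firewall vendor; all addresses, ports and the ACL contents are constructed sample values. It contrasts a stateful filter with a header-only stateless filter on the same spoofed packet, and shows unsolicited flood packets being dropped because no inside host asked for them.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str   # "out": leaving our network, "in": arriving from outside


# Connection identifier as seen from the inside host:
# (proto, inside_ip, inside_port, outside_ip, outside_port)
ConnKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Toy SPI firewall: remembers outbound connections and admits only their
    replies, plus unsolicited packets from sources listed in the ACL."""

    def __init__(self, acl: Dict[str, Set[int]]):
        self.acl = acl                      # trusted source IP -> ports it may reach unsolicited
        self.state: Set[ConnKey] = set()    # connection table
        self.log: List[str] = []

    def _key(self, pkt: Packet) -> ConnKey:
        if pkt.direction == "out":
            return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def filter(self, pkt: Packet) -> str:
        key = self._key(pkt)
        if pkt.direction == "out":
            self.state.add(key)             # record that an inside host solicited a reply
            return "allow"
        if key in self.state:
            return "allow"                  # reply to a connection an inside host opened
        if pkt.dst_port in self.acl.get(pkt.src_ip, set()):
            self.state.add(key)             # trusted ACL peer may open a connection inbound
            return "allow"
        self.log.append(
            f"drop unsolicited {pkt.proto} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
        )
        return "drop"


def stateless_filter(pkt: Packet, service_ports: Set[int]) -> str:
    """Header-only filter: admits any inbound packet whose source port looks like
    a service we talk to, with no memory of whether anyone asked for it."""
    if pkt.direction == "out":
        return "allow"
    return "allow" if pkt.src_port in service_ports else "drop"


def demo() -> dict:
    # Constructed sample traffic: one real web session, one spoofed reply,
    # one ACL-trusted inbound connection and a small unsolicited flood.
    fw = StatefulFirewall(acl={"198.51.100.7": {22}})
    out = Packet("tcp", "10.0.0.5", 51000, "93.184.216.34", 443, "out")
    reply = Packet("tcp", "93.184.216.34", 443, "10.0.0.5", 51000, "in")
    # Same claimed source as the real server, but no inside host opened this connection
    spoofed = Packet("tcp", "93.184.216.34", 443, "10.0.0.5", 51001, "in")
    trusted = Packet("tcp", "198.51.100.7", 40000, "10.0.0.5", 22, "in")
    flood = [Packet("tcp", f"203.0.113.{i}", 1000 + i, "10.0.0.5", 80, "in") for i in range(5)]
    return {
        "outbound": fw.filter(out),
        "reply": fw.filter(reply),
        "spoofed": fw.filter(spoofed),
        "trusted_acl": fw.filter(trusted),
        "flood": [fw.filter(p) for p in flood],
        "stateless_spoofed": stateless_filter(spoofed, service_ports={443, 80}),
        "dropped": len(fw.log),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The stateless filter admits the spoofed packet because its header looks like a web server's reply; the stateful filter drops it because its connection table holds no entry that an inside host created for that port pair. Real firewalls also expire table entries and track TCP state transitions, which this toy omits.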
Deep Packet Inspection
Deep packet inspection (DPI) extends SPI functionality: it can examine the contents of packets in real time, going deep enough to retrieve information such as the entire text of an email.
DPI-equipped routers can focus on traffic from specific sources or to specific destinations, and can be programmed to perform particular actions, such as logging or dropping packets, when a packet meets an origin or destination criterion. They can also be programmed to examine specific types of data traffic, such as VoIP or streaming media.
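As an added example (not code from the original article or from any router vendor), the following sketch shows what "looking inside the packet" means in practice: the application protocol is identified from the payload rather than the port, a rule table keyed on origin, destination and application decides whether to log or drop, and a message header is pulled out of a mail payload. The signatures, rules, addresses and packet contents are all constructed for illustration. The last sample packet is a TLS ClientHello, which the inspector can only classify as "unknown": encrypted traffic is the main limit of payload inspection.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes


# Plaintext application signatures (constructed and illustrative; real DPI
# engines carry far larger signature sets and parse the protocols properly).
SIGNATURES: Dict[str, "re.Pattern[bytes]"] = {
    "sip":  re.compile(rb"^(INVITE|REGISTER|BYE) sip:"),
    "rtsp": re.compile(rb"^(DESCRIBE|SETUP|PLAY) rtsp://"),
    "smtp": re.compile(rb"^(MAIL FROM:|RCPT TO:|DATA\r\n)"),
    "http": re.compile(rb"^(GET|POST|HEAD) /"),
}


def classify(payload: bytes) -> str:
    """Identify the application protocol from the payload itself, not the port."""
    for name, pattern in SIGNATURES.items():
        if pattern.match(payload):
            return name
    return "unknown"   # encrypted or unrecognised: the inspector cannot see inside


def extract_header(payload: bytes, name: bytes) -> Optional[str]:
    """Pull one message header (e.g. Subject) out of an SMTP DATA payload."""
    m = re.search(rb"^" + re.escape(name) + rb": ([^\r\n]*)", payload, re.MULTILINE)
    return m.group(1).decode("ascii", "replace") if m else None


@dataclass
class Rule:
    action: str                     # "log" or "drop"
    src_ip: Optional[str] = None    # any field left None matches everything
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    app: Optional[str] = None

    def matches(self, pkt: Packet, app: str) -> bool:
        return ((self.src_ip is None or self.src_ip == pkt.src_ip)
                and (self.dst_ip is None or self.dst_ip == pkt.dst_ip)
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.app is None or self.app == app))


class DpiRouter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []

    def process(self, pkt: Packet) -> str:
        app = classify(pkt.payload)
        for rule in self.rules:          # first matching "drop" wins; "log" rules keep going
            if not rule.matches(pkt, app):
                continue
            where = f"{pkt.src_ip} -> {pkt.dst_ip}:{pkt.dst_port}"
            if rule.action == "drop":
                self.log.append(f"drop {app} {where}")
                return "drop"
            self.log.append(f"log {app} {where}")
        return "forward"


def demo() -> dict:
    # Constructed sample rules and packets
    router = DpiRouter([
        Rule("log", app="sip"),                  # account for VoIP signalling
        Rule("log", app="smtp", dst_port=25),    # record outbound mail
        Rule("drop", src_ip="203.0.113.9"),      # origin we refuse to carry
    ])
    voip = Packet("10.0.0.5", "198.51.100.20", 5060, b"INVITE sip:bob@example.com SIP/2.0\r\n")
    mail = Packet("10.0.0.5", "198.51.100.25", 25,
                  b"DATA\r\nFrom: alice@example.com\r\nSubject: Q3 numbers\r\n\r\nSee attached.\r\n")
    blocked = Packet("203.0.113.9", "10.0.0.5", 80, b"GET / HTTP/1.1\r\nHost: 10.0.0.5\r\n\r\n")
    # First bytes of a TLS ClientHello: nothing above the record layer is readable
    tls = Packet("10.0.0.5", "93.184.216.34", 443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03")
    return {
        "voip": router.process(voip),
        "mail": router.process(mail),
        "blocked": router.process(blocked),
        "tls": router.process(tls),
        "tls_app": classify(tls.payload),
        "subject": extract_header(mail.payload, b"Subject"),
        "log": router.log,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The VoIP and mail packets are forwarded but logged, the packet from the refused origin is dropped regardless of its content, and the TLS packet passes through unclassified. A deployment that needs visibility into encrypted flows must terminate TLS at the inspection point, with all the key-management and privacy consequences that implies.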