09 December 2007

Firewalls Evolution

As discussed in the previous article, a firewall simply inspects the traffic and decides whether to permit or block packets based on the different fields in the layer 3 and layer 4 headers. In fact, this task can also be done by the Access Lists found on all the routers available in the market.

The Access List decides whether to permit or block the traffic based on the following 5 fields:
1. Source IP-Address
2. Destination IP-Address
3. Protocol (TCP, UDP, ICMP, etc.)
4. Source Port
5. Destination Port

In the late nineties the idea of Stateful Firewalls was introduced. As you know, when two hosts communicate, they keep sending and receiving packets, so in the case of an Access List two rules have to be added, one in each direction, for those hosts to be able to communicate. Stateful Firewalls, on the other hand, are smarter than this: they keep track of the Session, so you only have to create one rule from the Client to the Server. Traffic from the Server to the Client is treated as part of the session, and no extra rule is needed in that direction.

Stateful Firewalls are also more secure than Access Lists, as packets that don't belong to an active session are dropped. The Session Table in Stateful Firewalls also improves their performance, as the rules only need to be checked for the first packet of a session.
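The difference between the two models, as an added simulation that is not part of the original article: a stateless Access List checks every packet against the 5-tuple rules on its own, so the Server-to-Client reply needs its own rule (which then also lets through any reply-direction packet); the stateful firewall checks the rules once, records the session, and drops reply-direction packets that match no session. The addresses and ports are constructed, and using the TCP SYN flag to mark a session's first packet is an assumption of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False  # assumption: True only on the first packet of a TCP session

# A rule is the 5-tuple from the article: (src, dst, proto, sport, dport); None is a wildcard.
def rule_matches(rule, pkt):
    fields = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
    return all(r is None or r == f for r, f in zip(rule, fields))

class StatelessAcl:
    """Classic Access List: each packet is judged in isolation against the rules."""
    def __init__(self, permits):
        self.permits = permits
    def decide(self, pkt):
        return "permit" if any(rule_matches(r, pkt) for r in self.permits) else "drop"

class StatefulFirewall:
    """Rules are consulted only for a session's first packet; the rest is matched on the session table."""
    def __init__(self, permits):
        self.permits = permits
        self.sessions = set()  # keys: (client, server, proto, client_port, server_port)
    def decide(self, pkt):
        key = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if key in self.sessions or reverse in self.sessions:
            return "permit"  # belongs to an active session, no rule lookup needed
        if pkt.syn and any(rule_matches(r, pkt) for r in self.permits):
            self.sessions.add(key)  # first packet permitted: record the session
            return "permit"
        return "drop"  # neither in the session table nor a permitted new session

def demo():
    # Constructed sample: one Client-to-Server rule, allow 10.0.0.5 to reach TCP/80 on 192.0.2.10.
    permits = [("10.0.0.5", "192.0.2.10", "tcp", None, 80)]
    request = Packet("10.0.0.5", "192.0.2.10", "tcp", 40000, 80, syn=True)
    reply = Packet("192.0.2.10", "10.0.0.5", "tcp", 80, 40000)
    stray = Packet("192.0.2.10", "10.0.0.5", "tcp", 80, 40001)  # reply-direction, no session
    one_way, fw = StatelessAcl(permits), StatefulFirewall(permits)
    # The only way to let replies through a stateless ACL is a second, reverse rule.
    two_way = StatelessAcl(permits + [("192.0.2.10", "10.0.0.5", "tcp", 80, None)])
    return {"acl_one_rule": (one_way.decide(request), one_way.decide(reply)),
            "acl_two_rules": (two_way.decide(reply), two_way.decide(stray)),
            "stateful": (fw.decide(request), fw.decide(reply), fw.decide(stray))}
```

Running `demo()` shows the reply dropped by the single-rule ACL, the stray packet permitted once the reverse rule is added, and the stateful firewall permitting only the real session.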

