Stateful Firewall
Classification Key
Exterior Security, Information Disclosure
Problem
Correlating packets is useful when they carry portions of commands or data needed for an attack, because those packets can then be identified and fitted into the larger context.
How can we correlate incoming packets?
Solution
Keep a list or table with the connections that have been opened and correlate the types of messages received or sent. The system may also opt not to check the packets of a well-established connection for improved performance.
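A sketch of such a connection table, added here as an illustration and not taken from the source book or any product: it tracks a simplified TCP handshake, drops packets that do not fit a known connection, and skips further checks once a connection is established. The class name, state names, `inbound_ports` policy and sample addresses are all assumptions.

```python
# Added example: minimal TCP connection table with simplified state tracking.
ACCEPT, DROP = "ACCEPT", "DROP"

class StatefulFirewall:
    def __init__(self, inbound_ports=()):
        # Assumed policy: outbound connections are allowed, inbound only to these ports.
        self.inbound_ports = set(inbound_ports)
        self.table = {}  # connection key -> [state, initiator endpoint]

    def filter(self, src, dst, flags, inbound):
        """src/dst are (ip, port) tuples; flags is a set of TCP flag names."""
        flags = frozenset(flags)
        key = frozenset((src, dst))  # same key for both directions
        entry = self.table.get(key)
        if entry is None:
            # Only a bare SYN may open a connection, and only if policy allows it.
            if flags != {"SYN"} or (inbound and dst[1] not in self.inbound_ports):
                return DROP
            self.table[key] = ["SYN_SENT", src]
            return ACCEPT
        state, initiator = entry
        if "RST" in flags or "FIN" in flags:
            del self.table[key]  # simplified teardown: forget the connection
            return ACCEPT
        if state == "ESTABLISHED":
            return ACCEPT  # fast path: established connections are not re-checked
        if state == "SYN_SENT" and flags == {"SYN", "ACK"} and src != initiator:
            entry[0] = "SYN_RCVD"
            return ACCEPT
        if state == "SYN_RCVD" and flags == {"ACK"} and src == initiator:
            entry[0] = "ESTABLISHED"
            return ACCEPT
        return DROP  # message type does not fit the connection's current state

def demo():
    # Constructed sample traffic (documentation/private address ranges).
    fw = StatefulFirewall(inbound_ports={443})
    client, server = ("10.0.0.5", 40000), ("203.0.113.7", 80)
    stranger = ("198.51.100.9", 80)
    return [
        fw.filter(client, server, {"SYN"}, inbound=False),
        fw.filter(server, client, {"SYN", "ACK"}, inbound=True),
        fw.filter(client, server, {"ACK"}, inbound=False),
        fw.filter(server, client, {"ACK", "PSH"}, inbound=True),  # established
        fw.filter(stranger, client, {"ACK"}, inbound=True),       # no table entry
        fw.filter(stranger, ("10.0.0.5", 22), {"SYN"}, inbound=True),  # port closed
    ]
```

The fast path trades inspection for throughput: once a connection reaches the established state, this sketch no longer looks at its packets beyond teardown flags.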
Known Uses
Commercial firewalls from Check Point Technologies and CyberGuard.
Related Patterns
Packet Filter Firewall, Proxy based Firewall
Source
Wiley Book
Tags
Firewall, Filtering, Access Control, State