A firewall is one of the main tools protecting us from various attacks and viruses coming through the web. However, not all of them are equally powerful and safe. The SPI firewall is one of the options you could choose. Let’s look at how it works and how good it is.
Stateful packet inspection (or dynamic packet filtering) is a technology that monitors active connections and checks whether incoming data packets correspond to these connections. It then decides whether to grant or deny permission for them to pass the firewall.
As we discussed in this blog post about IP fragmentation, devices transmit data in packets so that the receiving end can process them more easily. A single larger data unit might be divided into several packets. However, hackers might compromise these packets to harm the receiving server. Thus, the SPI firewall checks whether these packets are legitimate and correspond to an already established connection. It discards packets that do not relate to a known connection, thus minimizing the possibility of a breach.
An SPI (stateful packet inspection) firewall protects you by examining incoming packets against existing connections.
In contrast, a stateless firewall bases its examination on static values such as source or destination addresses. It does not take into account the connection a packet belongs to: it applies the same set of rules to every packet and has no information about the packet’s connection. These firewalls cannot be customized to open and close connections. They also do not authenticate packets and cannot detect whether packets come from a legitimate IP. Thus, they are not as safe as SPI firewalls, but are usually faster.
An SPI firewall can remember the attributes of each connection and use this info to determine the validity of a packet. It stores information it obtains by examining the packets and establishing rules. Thus, it sees the broader context of a packet, not only its contents.
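The difference between a static rule and a connection table, as an added example that is not part of the original article: a toy TCP connection tracker in Python run over constructed packets. The port-443 static rule, the state names and the documentation-range addresses are assumptions made for illustration.

```python
from collections import namedtuple

# flags: set of TCP flags; outbound: True if sent by the protected host
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

def stateless_allow(pkt):
    """Static rule (assumed): admit anything that claims source port 443."""
    return pkt.outbound or pkt.sport == 443

class StatefulFirewall:
    """Toy connection tracker; real ones also track sequence numbers and timeouts."""
    def __init__(self):
        self.table = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def allow(self, pkt):
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if pkt.outbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN may create a new table entry.
            if pkt.outbound and pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if state == "SYN_SENT" and not pkt.outbound:
            # In this sketch, only SYN+ACK is accepted in reply to our SYN.
            if pkt.flags != {"SYN", "ACK"}:
                return False
            self.table[key] = "ESTABLISHED"
        if pkt.flags & {"FIN", "RST"}:
            del self.table[key]  # simplification: forget the flow on close
        return True

# Constructed sample traffic (documentation addresses, not real hosts).
HOST, WEB, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.66"
TRAFFIC = [
    Packet(HOST, 50000, WEB, 443, {"SYN"}, True),          # host opens a connection
    Packet(WEB, 443, HOST, 50000, {"SYN", "ACK"}, False),  # genuine reply
    Packet(HOST, 50000, WEB, 443, {"ACK"}, True),          # handshake completes
    Packet(OTHER, 443, HOST, 50001, {"ACK"}, False),       # unsolicited, no matching flow
    Packet(WEB, 443, HOST, 50000, {"ACK", "PSH"}, False),  # data on the tracked flow
]

def compare():
    """Return (stateless verdict, stateful verdict) for each sample packet."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in TRAFFIC]
```

The fourth packet passes the static rule because that rule only looks at the source port, while the tracker drops it because no entry in its table matches.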
Due to this memory, the SPI firewall does not have to inspect every packet thoroughly, so it works faster than deep packet inspection (DPI). The latter deconstructs the packets to check whether they are formed correctly and whether they include any malicious code. DPI is used for a wide variety of purposes including network management, security, data mining or internet censorship. It provides security at the expense of speed.