One common requirement for personal firewalls is that they are stateful. What is the most significant characteristic of a stateful firewall?
A) The firewall keeps track of the state of each traffic flow and only allows traffic that matches an existing connection state
B) The firewall relies on static rules to determine the state of incoming traffic
C) The firewall identifies potential attackers and their attack vectors
D) The firewall understands and provides access based on the state of the remote device
The answer: A) The firewall keeps track of the state of each traffic flow and only allows traffic that matches an existing connection state
All modern firewalls use state to help provide a secure environment. Since the firewall knows which conversations are appropriate to allow through the firewall based on past traffic patterns (the “state”), out-of-order traffic from unknown systems are dropped.
The incorrect answers:
B) The firewall relies on static rules to determine the state of incoming traffic
Most firewalls include a ruleset that helps to determine the type of traffic that should pass, but the ruleset is a different set of requirements that goes beyond state. Stateful inspection occurs regardless of any firewall rules.
C) The firewall identifies potential attackers and their attack vectors
Intrusion prevention features are common to see on advanced network security devices. Stateful firewall inspection occurs separately from these intrusion prevention capabilities.
D) The firewall understands and provides access based on the state of the remote device
The state of the remote device (whatever that is) is irrelevant to a stateful firewall’s ability to allow and restrict network access.
Want to know more? Watch “Security Fundamentals.”Data security is the responsibility of everyone in the organization. In this module, we’ll examine some of the basic fundamentals of security such as authentication technologies, file system security, and social engineering. |