Glossary
SINAUT MD741-1
148
C79000-G8976-C236-05
Stateful inspection firewall
A stateful inspection firewall is a packet filtering method. Packet filters only let IP packets through if this has been explicitly permitted beforehand in the firewall rules. The following is defined in the firewall rules:
which protocol (TCP, UDP, ICMP) may pass,
the permitted source of the IP packets (From IP / From port),
the permitted destination of the IP packets (To IP / To port).
It is likewise defined here what is done with IP packets that are not allowed through (discard, reject).
For a simple packet filter it is always necessary to create two firewall rules for a connection:
one rule for the query direction from the source to the destination, and
a second rule for the response direction from the destination to the source.
It is different with a stateful inspection firewall. Here a firewall rule is only created for the query direction from the source to the destination. The firewall rule for the response direction from the destination to the source results from analysis of the data previously sent. The firewall rule for the responses is closed again after the responses are received or after a short time period has elapsed. Thus responses can only go through if there was a previous query. This means that the response rule cannot be used for unauthorised access. What is more, special procedures make it possible for UDP and ICMP data to also go through, even though these data were not requested before.
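The behaviour described above, shown as an added simulation that is not part of the manual and not the device's firewall code: a rule is defined only for the query direction, the response direction is derived from the state recorded when the query passed, and that state expires after a timeout. The addresses, ports and timeout value are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str        # "TCP", "UDP" or "ICMP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    proto: str
    from_ip: str
    from_port: Optional[int]   # None means any port
    to_ip: str
    to_port: Optional[int]
    action: str = "accept"     # or "discard" / "reject"

class StatefulFirewall:
    def __init__(self, rules, timeout=30, default_action="discard"):
        self.rules, self.timeout, self.default_action = rules, timeout, default_action
        self.state = {}   # query 5-tuple -> time at which the response rule closes

    def _match(self, rule, p):
        return (rule.proto == p.proto and rule.from_ip == p.src_ip and rule.to_ip == p.dst_ip
                and rule.from_port in (None, p.src_port) and rule.to_port in (None, p.dst_port))

    def filter(self, p, now):
        # Close response rules whose timeout has elapsed.
        self.state = {k: exp for k, exp in self.state.items() if exp > now}
        # 1. Explicit rule in the query direction; accepting it opens the response rule.
        for r in self.rules:
            if self._match(r, p):
                if r.action == "accept":
                    self.state[(p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)] = now + self.timeout
                return r.action
        # 2. Response direction: allowed only if the reversed 5-tuple matches a recorded query.
        reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        if reverse in self.state:
            self.state[reverse] = now + self.timeout   # a response refreshes the timeout
            return "accept"
        return self.default_action

def demo():
    # Constructed sample: a client is allowed to query a Modbus/TCP port on one device.
    fw = StatefulFirewall([Rule("TCP", "10.0.0.5", None, "192.168.1.10", 502)])
    query = Packet("TCP", "10.0.0.5", 40000, "192.168.1.10", 502)
    reply = Packet("TCP", "192.168.1.10", 502, "10.0.0.5", 40000)
    # reply before any query, the query, a timely reply, a reply after the timeout
    return [fw.filter(reply, 0), fw.filter(query, 1), fw.filter(reply, 2), fw.filter(reply, 40)]
```

Running `demo()` returns `["discard", "accept", "accept", "discard"]`: the unsolicited reply and the late reply are dropped, and only the reply that follows a permitted query passes.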
Symmetrical encryption
With symmetrical encryption the data are encrypted and decrypted using the same key. Examples of symmetrical encryption algorithms are DES and AES. These are fast, but require complex administration as the number of users increases.