Re: statefull inspection FW and hackers
- From: aditya.mukadam@xxxxxxxxx
- Date: 25 Aug 2008 03:01:24 -0000
my take on SPI:
Stateful inspection can be best understood with security zones/level.
By default, most of the firewall dont allow anything to come from low security zone to high (ie lets say from internet to internal resources). This would mean that if internal user accesses internet his response will be blocked. This is not desirable because we donot want to keep on opening hole from internet to internal host on the
firewall. We need some mechanism to allow this response/reply back to the internal user.SPI helps us to achieve it !
As mentioned in the thread and also to keep it simple, SPI maintains a state table of requests and opens the incoming requests for that
connection !Rest all the requests from low security zone to high are denied (if not explicitly allowed)
Thanks,
Aditya Govind Mukadam
- Prev by Date: Securing 3rd party connections to Oracle DB's?
- Next by Date: Re: CEH Course - Your thoughts?
- Previous by thread: Re: statefull inspection FW and hackers
- Next by thread: attack ssh with medusa
- Index(es):
