Stateless and Stateful Inspection - Firewall Security Basics
When you have a network, there’s a lot of work involved with building and maintaining that network. On top of that, you need to secure the network, and keeping connected devices safe is an endless pursuit.
One thing that can help with network security is a good firewall. That’s why we’re going to spend a few minutes discussing how firewalls work and what some of your options are when choosing one. With this information, you can make efficient decisions about your own network and hardware. Hopefully, it will help you build a more secure network while still saving money.
What Are Firewalls?
This conversation begins with a brief explanation of firewalls. A firewall is a device that is designed to improve network security. Specifically, firewalls will monitor incoming and outgoing traffic in a network. The firewall is there to decide which traffic is allowed or blocked, whether incoming or outgoing. These decisions are made using predetermined rules and applying them to the information available.
As you might imagine, there is more than one viable way to approach the concept of firewalls. That said, you can boil a lot of firewall decision making down to two concepts: stateful and stateless inspection.
What Is Stateless Inspection?
A stateless inspection is a more basic way to run a firewall. With stateless inspection, the firewall still uses preset rules to determine what traffic is and isn’t allowed, but the stateless inspection works in a specific way that reveals a lot about its functionality.
First, it’s important to understand that “inspection” refers to when the firewall reviews a communication packet. That review process (known as the inspection) is when a decision is made as to whether or not the data will be allowed past the firewall.
So, a stateless inspection is a moment of decision where the firewall does not look at a state created for the connection in question.
What this really means is that the firewall can only look at a data packet’s header to make its determination. The header holds very little information regarding the transmission, so a stateless inspection has to make determinations without a deep look at the information within the packet or many other factors related to a specific packet.
Generally speaking, a stateless inspection only gets to look at the inbound and outbound IP addresses. That means that a stateless inspection (more often than not) is determining what traffic is allowed solely by judging IP addresses.
This does allow for whitelisting and blacklisting, but it’s not the most sophisticated approach to protect a network.
What Is Stateful Inspection?
Based on everything you just read, it’s not too hard to understand what a stateful inspection is. This is where the firewall creates a state that stores information related to each individual connection. The stateful inspection can still review the header — meaning it has access to all of the same information as a stateless inspection. But, the stateful inspection can look at many other communication details.
With this extra information, stateful firewalls are able to follow more sophisticated rulesets and protect against types of threats that a stateless inspection would never notice. TCP and DDoS threats are at the top of that list.
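To make the difference concrete, here is a simplified model added as an illustration (it is not code from any firewall product). It runs the same constructed packets through a stateless address check and through a stateful check that also tracks connections. The `Packet` fields, the allowlist, and the policy that only inside hosts may open connections are all assumptions made for the example.

```python
from dataclasses import dataclass

ALLOWED_REMOTE = {"203.0.113.10"}  # constructed allowlist (documentation address)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str      # TCP flags: "S" = SYN, "SA" = SYN-ACK, "A" = ACK
    outbound: bool  # True when the packet leaves the protected network

def stateless_allow(pkt: Packet) -> bool:
    """Judge each packet alone, using only the remote IP address."""
    remote = pkt.dst if pkt.outbound else pkt.src
    return remote in ALLOWED_REMOTE

class StatefulFirewall:
    """Same address rule, plus a table of connections opened from inside."""
    def __init__(self) -> None:
        self.connections = set()

    def allow(self, pkt: Packet) -> bool:
        if not stateless_allow(pkt):
            return False
        if pkt.outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":          # inside host opens a connection
                self.connections.add(key)
        else:                             # inbound must match existing state
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return key in self.connections

# Constructed sample traffic, not captured from a real network.
TRAFFIC = [
    Packet("10.0.0.5", "203.0.113.10", 40000, 443, "S", True),    # client opens
    Packet("203.0.113.10", "10.0.0.5", 443, 40000, "SA", False),  # server reply
    Packet("203.0.113.10", "10.0.0.5", 443, 50000, "A", False),   # unsolicited
    Packet("198.51.100.7", "10.0.0.5", 443, 40000, "S", False),   # unlisted IP
]

def compare(traffic):
    """Return (stateless_verdicts, stateful_verdicts) for the same packets."""
    fw = StatefulFirewall()
    return [stateless_allow(p) for p in traffic], [fw.allow(p) for p in traffic]

if __name__ == "__main__":
    print(compare(TRAFFIC))
```

The third packet is the one to watch: it comes from an allowed address, so the stateless check passes it, but it belongs to no connection the inside host opened, so the stateful check drops it.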
Which Is Right for You?
Considering this key difference, a stateful inspection is always the better way to go, right? It just offers better protection?
Well, things in networking are rarely so straightforward. Stateless inspection still exists because it offers a few pros that make it appealing in certain types of applications.
For the most part, stateless inspection is cheaper and faster than stateful inspection. For smaller business networks, stateless inspection can save money and prevent network lag that might disrupt business operations. On top of that, smaller business networks often see less overall traffic. Statistically, that translates to seeing fewer network-based threats, which means you might be able to get away with lighter security.
Meanwhile, the sophistication of stateful inspection is absolutely necessary for larger enterprise networks. When you have a lot of traffic and sensitive information within that traffic, you want the method that is more secure, and that is stateful inspection.