VPC S3 Stateful/Stateless Flashcards
What is a stateless firewall?
A stateless firewall filters traffic based on static values such as IP addresses, ports, and protocols without considering the state of network connections. It applies rules to each incoming packet independently of preceding or subsequent packets.
What is a stateful firewall?
A stateful firewall tracks the state of active connections and makes decisions based on the context of the traffic and packets sent over a connection. It allows or blocks traffic based on the state of the connection, such as established, new, or related to an existing connection.
How do stateless firewalls differ from stateful firewalls?
Stateless firewalls filter traffic with fixed criteria and do not track the connection state, making them faster but less secure. Stateful firewalls, however, inspect and keep track of the state of network connections, offering higher security by understanding the context of the traffic.
What are the advantages of stateless firewalls?
Stateless firewalls offer speed and simplicity. They consume less processing power and can handle large amounts of traffic efficiently because they filter packets based on the first-hand inspection without considering the connection’s state.
What are the advantages of stateful firewalls?
Stateful firewalls provide enhanced security by monitoring the state of active connections. They can detect and block specific types of attacks, such as TCP SYN floods and unauthorized access attempts, that stateless firewalls might not catch due to their deeper context awareness.
When would you use a stateless firewall?
A stateless firewall is best used in scenarios where speed is critical and the network traffic is predictable and does not require complex filtering decisions based on the connection’s state. Examples include simple filtering tasks within internal networks or on dedicated, high-speed network links where basic packet filtering is sufficient.
When would you use a stateful firewall?
A stateful firewall is suited for environments where security is a priority, and there is a need for complex, dynamic access control decisions based on the state of network connections. This includes perimeter defense, where it is critical to monitor and control incoming and outgoing traffic based on its context.
Can a firewall be both stateless and stateful?
Some firewall solutions offer both stateless and stateful operating modes, allowing administrators to configure specific rules or interfaces to operate in a stateless mode for efficiency, while others operate in stateful mode for enhanced security. However, this configuration depends on the capabilities of the specific firewall product.
What kind of attacks can stateful firewalls protect against that stateless cannot?
Stateful firewalls can protect against complex, state-dependent attacks such as unauthorized connection attempts, session hijacking, and certain types of denial-of-service attacks, which are more challenging for stateless firewalls to detect due to their lack of connection awareness.
How do stateful firewalls track the state of connections?
Stateful firewalls track the state of connections using a state table, also known as a connection or session table. This table records all ongoing connections passing through the firewall, including details about the connection’s protocol, source and destination IPs, ports, and the current state of the connection (e.g., established, pending, or terminated).
