A firewall technology that ensures that all inbound packets are the result of an outbound request. Also called "stateful packet inspection" (SPI), it was designed to prevent harmful or unrequested packets from entering the computer. For example, if you click on a link to a Web page, an HTTP request is being made to a specific URL address. All packets coming back from that URL would pass the stateful inspection and be accepted. Every so many minutes, your e-mail program queries the mail server, and returning packets from that server are allowed.
Essential and Problematic
Stateful inspection is the norm and generally a major component in every network firewall and personal firewall. However, stateful inspection causes problems with videoconferencing and VoIP, in which a user outside the network wants to initiate a communication with a user inside the network. Various techniques are used to work around this (see STUN, UPnP and port forwarding). See firewall.
Essential and Problematic
Stateful inspection is the norm and generally a major component in every network firewall and personal firewall. However, stateful inspection causes problems with videoconferencing and VoIP, in which a user outside the network wants to initiate a communication with a user inside the network. Various techniques are used to work around this (see STUN, UPnP and port forwarding). See firewall.
 | Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2009 The Computer Language Company Inc. All rights reserved. |
Additional Resources
- InterGate Policy Manager 9.3.1 (Mac)
- InterGate Policy Manager - A comprehensive Internet access management solution, providing fine grained control of web content access, usage of Peer to Peer, Instant Messaging and Skype networks, logging and reporting of user activity, as well a core IP router and firewall to provide advanced protection to your network. Advanced...
- Software downloads 2009-10-09
- PCI DSS Compliance and the Digi TransPort Router
- This paper explains how Digi TransPort routers can be part of a PCI DSS compliant system. They comply with the PCI DSS version 1.2 requirements via these major features: Stateful inspection firewall, network segmentation via VLAN or Ethernet Port Isolation, MAC filtering to prevent unwanted client PCs on the network,...
- White papers 2009-07-27
- Asus Wireless-N RT-N16 router offers 300Mbps throughput
- ASUS on Tuesday announced the RT-N16 router, touting speed for data transfers, simplicity for usage and security. The RT-N16 offers a maximum wireless speed throughput of 300Mbps and enables 24/7 downloads to wireless clients, even when PCs are off. The router comes with...
- Blog posts 2009-06-30
- Botnet exploiting MS0867 flaws (Inside the botnets that never make the news)
- Botnet exploiting MS0867 flaws Inside the botnets that never make the newsBlock IRC traffic completelyThat's the solution. IRC traffic has no place in business environments.Image 5...Did you do the obfuscating? If not, how do you know they're all on the same server?How pray tell?You're forgetting, any type of...
- Discussion threads 2009-05-21
- The Dirty Secret Behind the UTM: What Security Vendors Don't Want You to Know
- Until the late 1990s, network security threats were predominantly written by programmers seeking notoriety, or those who just wanted to test their skills and have some fun, at the expense of other computer users. As a result, early threats were limited in scope and capabilities, and were easily thwarted using...
- White papers 2009-04-17
- WG: Requirements for Network Monitoring From an IDS Perspective
- Detection of malicious traffic is based on its input data, the information that is coming from network-based monitoring systems. Best detection rates would only be possible by monitoring all data transferred over all network lines in a distributed network. Monitoring and reporting this amount of data are feasible in neither...
- White papers 2008-05-20
- Using Cisco IOS Zone-Based and Classic Firewall in High-Availability Network Environments
- Businesses increasingly rely on data networks to carry mission-critical information. This is particularly true for businesses that rely on IP data networks to carry voice-over-IP data for packet telephony. Data networks must offer high-availability capabilities so that business continuity is not interrupted by scheduled maintenance or unexpected downtime due to...
- White papers 2008-04-01
- Are Commercial Firewalls Ready for IP Version 6?
- IP version 6 transport is not broadly supported by commercial firewalls. If organizations attempt to "Go native IPv6" today, they will be limited to choosing among the 31% of the firewall products surveyed that support IPv6 transport. The paper does note, however, that although fewer than one in three products...
- White papers 2008-04-01
- SMC SMCWGBR14-N Barricade N router
- You may not be familiar with SMC, but you should if you're shopping for a Draft N router. The company's SMCWGBR14-N Barricade N router finished at or above the average of the group of recent Draft N 2.0 routers we've tested while exhibiting impressive range. It also boasts a generous...
- Product reviews 2008-03-13
- The Advantages of a Multi-core Architecture in Network Security Appliances
- Network security has become increasingly complex. Network communications no longer rely simply on store-and-forward applications like email, but have expanded to include real-time collaboration tools, Web 2.0 applications, Instant Messenger IM and peer-to-peer applications, Voice over IP VoIP, streaming media and telepresence conferencing, each presenting conduits for potential attack. The...
- White papers 2008-02-21
- Exploiting Stateful Inspection of Network Security in Reconfigurable Hardware
- One of the most important areas of a network Intrusion Detection System NIDS, stateful inspection, is described in this paper. The paper presents a novel reconfigurable hardware architecture implementing TCP stateful inspection used in NIDS. This is to achieve a more efficient and faster network intrusion detection system as todays'...
- White papers 2008-01-01
- Essentials of Information Security - Security+
- Instantly save $300 off the standard course price when you register on TechRepublic or ZDNet! Offer ends June 26, 2009.View Available Dates and LocationsIn this intense, hands-on course, you will not only prepare for the Security+ certification, but you will also gain the foundation security knowledge to protect...
- Training 2008-01-01
- Check Point NGX CCSA/CCSE
- Instantly save $300 off the standard course price when you register on TechRepublic, ZDNet, or BNET! Offer ends June 26, 2009.View Available Dates and LocationsThere are more Check Point firewalls protecting networks than any other firewall on the market. Check Point's patented stateful packet inspection sets the standard for other...
- Training 2008-01-01
- How Cisco IT Migrated to Stronger Firewall Protection for Large Sites
- Like other companies, Cisco Systems needs to connect its intranets to the public Internet to remain competitive and successful. But while connecting to the Internet is critical to Cisco's survival, it also exposes the network to potential attacks from anywhere in the world. Cisco IT and Cisco Information Security InfoSec...
- Case studies 2007-12-21
- The Corporatenet will be a big 2008 trend
- Having beaten back attempts to mandate net neutrality, phone and cable giants are busy hijacking the Internet for their own purposes. (Big Brother poster from TomGPalmer.Com.) I tried to download a new copy of OpenOffice yesterday, using the BitTorrent client suggested on the OpenOffice Web site. It...
- Blog posts 2007-12-10
- NetVeda Safety.Net 3.8 (Windows)
- Safety.Net offers inbound and outbound firewall protection, filtering, parental controls and e-mail safety for home office. It protects all computers on the network from hackers, worms, Trojans and intruders with multi layer deep packet stateful inspection. Users control which applications and components are trusted to access the network. Advanced Firewall...
- Software downloads 2007-10-02
- Discussion of Conceptual Difference Between Cisco IOS Classic and Zone-Based Firewalls
- Cisco IOS has supported stateful inspection firewall capability since before Cisco IOS Software Version 12.0. Stateful Inspection Firewall features are supported through the Classic Firewall (formerly known as Context-Based Access Control, or CBAC). Cisco IOS Software introduced an additional configuration model for stateful inspection with the Zone-Based Policy Firewall ZFW...
- White papers 2007-10-01
- Microsoft Sample for Custom Disclaimer Using Office Live Communications Server 2005 1 (Windows)
- The CustomDisclaimers sample application included in this download is an example of a Microsoft SIP Processing Language MSPL application that uses managed code to provide enhanced processing functionality. MSPL applications are used in Live Communications Server environments to provide organizations with enhanced filtering, logging, and communications processing functionality by providing...
- Software downloads 2007-09-20
- Can Mac users rely on Apple to protect them from security threats?
- Can Mac users rely on Apple to protect them from security threats?Yeah, you must really love shovin' that one down everyone's throatsFunny a lot of your Mac posts are in regard to the blindness under Apple and the utter disregard Mac users have for security.Really, you should get out more...
- Discussion threads 2007-07-17
- The Yoggie Pico Pro Linux security appliance review - Part 1
- Yesterday I received a Yoggie Pico Pro personal security appliance for review. This is a new Linux-based security computer that's the size and shape of a USB flash drive. The idea is that rather than run security apps on your PC, have them all running on the Yoggie instead. Nice...
- Blog posts 2007-06-14
Neighboring Terms
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer>>
- The best support in the Linux business
-
If Linux is going to power your mission-critical applications, you'd better have the best support known to business. Novell was rated the top provider of Linux technical support.
- Learn more >>
Popular Sanity Saver Videos
