What is NOT an advantage of Stateful Inspection?
What is NOT an advantage of Stateful Inspection?
Stateful Inspection firewalls provide good security by maintaining context about active sessions and dynamically filtering traffic based on this context. They offer transparency because they work in the background without disrupting the normal flow of communication. High performance is another advantage as they are designed to efficiently handle large volumes of traffic. Therefore, the statement 'No Screening above Network Layer' is incorrect because Stateful Inspection does screen traffic above the network layer, inspecting data up to the application layer.
Stateful Inspection Pros: • Good Security • Full Application-layer Awareness • High Performance • Extensibility • Scalability • Transparency https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0CAIQw7AJahcKEwjItYCEyYmAAxUAAAAAHQAAAAAQAg&url=https%3A%2F%2Fcommunity.checkpoint.com%2Ffyrhh23835%2Fattachments%2Ffyrhh23835%2Fappliances-and-gaia%2F4996%2F1%2FStateful_Inspection.pdf&psig=AOvVaw2U5bxXKd7QjFUP7PTb6w3A&ust=1689264872815788&opi=89978449
In this case I would day D is the correct answer. The Stateful inspection operates primarily at the transport and network layers of the OSI model. It's got good security and transparency as it can analyze upper layer information.
https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=0CAIQw7AJahcKEwjItYCEyYmAAxUAAAAAHQAAAAAQAg&url=https%3A%2F%2Fcommunity.checkpoint.com%2Ffyrhh23835%2Fattachments%2Ffyrhh23835%2Fappliances-and-gaia%2F4996%2F1%2FStateful_Inspection.pdf&psig=AOvVaw2U5bxXKd7QjFUP7PTb6w3A&ust=1689264872815788&opi=89978449
I think D, this inspection affects in the performance on the FW because must be mantain the connections table. About C answer: https://www.tchk.net/download/Stateful_Inspection.pdf (page 7 from this PDF) With Stateful Inspection, the packet is intercepted at the network layer, but then the INSPECT Engine takes over. It extracts state-related information required for the security decision from ALL APPLICATIONS LAYERS and maintains this information in dynamic state tables so "C" in this context is false. The Stateful Inspection always screening above network layer
I think D, https://www.checkpoint.com/cyber-hub/network-security/what-is-firewall/what-is-a-stateful-firewall/ Stateful firewalls have the same capabilities as stateless ones but are also able to dynamically detect and allow APPLICATION communications that stateless ones would not. Stateless firewalls are not application aware—that is, they cannot understand the context of a given communication.
I think D is correct, since stateful inspection do check up to the application layer.