stateful inspection

Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

Stateful inspection has largely replaced an older technology, static packet filtering. In static packet filtering, only the headers of packets are checked -- which means that an attacker can sometimes get information through the firewall simply by indicating "reply" in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.

Stateful inspection monitors communications packets over a period of time and examines both incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked and only those incoming packets constituting a proper response are allowed through the firewall.

In a firewall that uses stateful inspection, the network administrator can set the parameters to meet specific needs. In a typical network, ports are closed unless an incoming packet requests connection to a specific port and then only that port is opened. This practice prevents port scanning, a well-known hacking technique.

Check Point Software Technologies developed stateful inspection in the early 1990s.

Learn more about Network Security Best Practices and Products

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Service Strategies, Inc. explains how stateful inspection works. - SearchSecurity.com offers news, research and expert advice about firewalls.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT 3Com acquisition confirms HP-Cisco battle for China HP's 3Com acquistion ups the ante in the race to provide converged enterprise networks. Enterprises demand next-generation firewalls with IPS, app visibility Next-generation firewalls consolidate multiple network security functions into a single appliance. Some vendors have, some are still getting there. Preventing hacker attacks with network behavior analysis IPS Preventing a security breach on your network requires at least two techniques: signature-based and anomaly-based network behavior analysis. Learn how...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) dynamic packet filter  (SearchNetworking.com)