Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

What OSI layer(s) does a stateful packet inpection firewall work at?

Posted on 2010-11-26
3
Medium Priority
?
3,344 Views
Last Modified: 2012-06-22
Greetings Experts,

I'm studying for the CompTIA Security+ exam and I'm reading material on SPI firewalls or Stateful Packet Inspection.  One aspect that I'm having a little of trouble grasping is at what layer(s) does SPI work at?  I went online and found Layer 3 but other sources say its Layer 3 and Layer 4.  I was wondering if someone could clarify and point me to some definite sources where I can find this information like Cisco's site or some other reputable networking company.  Thanks in advance experts.  
0
Comment
Question by:student_23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 1600 total points
ID: 34219781
A stateful packet firewall would be inspecting at layer 4 and up.

Since the firewall is keeping track of the state of tcp sessions as they are traversing it, it is looking at ( for instance ) the tcp syn, ack bits as well as tcp source and destination ports.

If it was an IP source and destination only filter or access list this would be a level 3 OSI thing.

Best place to find this would be a security plus bran dump sad to say. These are security abstractions that relate to security abstractions.
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 400 total points
ID: 34221509
I agree to the above. Please keep in mind that TCP/IP is NOT working exactly with OSI Layers. Some of the protocols act on more than one layer, or in-midst of them. So an exact assignment isn't feasible in many cases.
About the "4 and up", a SPI firewall often even needs to inspect the payload, e.g. for FTP, to change private to public IPs, read port negotiations, and more. That corresponds to Layer 5 and up.

Implementing a good SPI firewall is quite complex because of that, and I don't think you will find any documentation readily composed for that reason.
0
 

Author Closing Comment

by:student_23
ID: 34223786
lanboyo and Qlemo,

Thank you very much for your valuable insight.  I did look in my book but there's isn't more information on SPI.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question