Solved

What OSI layer(s) does a stateful packet inpection firewall work at?

Posted on 2010-11-26
3
2,658 Views
Last Modified: 2012-06-22
Greetings Experts,

I'm studying for the CompTIA Security+ exam and I'm reading material on SPI firewalls or Stateful Packet Inspection.  One aspect that I'm having a little of trouble grasping is at what layer(s) does SPI work at?  I went online and found Layer 3 but other sources say its Layer 3 and Layer 4.  I was wondering if someone could clarify and point me to some definite sources where I can find this information like Cisco's site or some other reputable networking company.  Thanks in advance experts.  
0
Comment
Question by:student_23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 400 total points
ID: 34219781
A stateful packet firewall would be inspecting at layer 4 and up.

Since the firewall is keeping track of the state of tcp sessions as they are traversing it, it is looking at ( for instance ) the tcp syn, ack bits as well as tcp source and destination ports.

If it was an IP source and destination only filter or access list this would be a level 3 OSI thing.

Best place to find this would be a security plus bran dump sad to say. These are security abstractions that relate to security abstractions.
0
 
LVL 69

Assisted Solution

by:Qlemo
Qlemo earned 100 total points
ID: 34221509
I agree to the above. Please keep in mind that TCP/IP is NOT working exactly with OSI Layers. Some of the protocols act on more than one layer, or in-midst of them. So an exact assignment isn't feasible in many cases.
About the "4 and up", a SPI firewall often even needs to inspect the payload, e.g. for FTP, to change private to public IPs, read port negotiations, and more. That corresponds to Layer 5 and up.

Implementing a good SPI firewall is quite complex because of that, and I don't think you will find any documentation readily composed for that reason.
0
 

Author Closing Comment

by:student_23
ID: 34223786
lanboyo and Qlemo,

Thank you very much for your valuable insight.  I did look in my book but there's isn't more information on SPI.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASE reports it as spam 2 1,064
Allow dynamic IP address to become static. 5 47
WCF Service Application cannot connect from TCP terminal 1 80
IPv6 and IPv4 Subnetting scheme 4 82
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question