[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

What OSI layer(s) does a stateful packet inpection firewall work at?

Posted on 2010-11-26
3
Medium Priority
?
3,773 Views
Last Modified: 2012-06-22
Greetings Experts,

I'm studying for the CompTIA Security+ exam and I'm reading material on SPI firewalls or Stateful Packet Inspection.  One aspect that I'm having a little of trouble grasping is at what layer(s) does SPI work at?  I went online and found Layer 3 but other sources say its Layer 3 and Layer 4.  I was wondering if someone could clarify and point me to some definite sources where I can find this information like Cisco's site or some other reputable networking company.  Thanks in advance experts.  
0
Comment
Question by:student_23
3 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 1600 total points
ID: 34219781
A stateful packet firewall would be inspecting at layer 4 and up.

Since the firewall is keeping track of the state of tcp sessions as they are traversing it, it is looking at ( for instance ) the tcp syn, ack bits as well as tcp source and destination ports.

If it was an IP source and destination only filter or access list this would be a level 3 OSI thing.

Best place to find this would be a security plus bran dump sad to say. These are security abstractions that relate to security abstractions.
0
 
LVL 72

Assisted Solution

by:Qlemo
Qlemo earned 400 total points
ID: 34221509
I agree to the above. Please keep in mind that TCP/IP is NOT working exactly with OSI Layers. Some of the protocols act on more than one layer, or in-midst of them. So an exact assignment isn't feasible in many cases.
About the "4 and up", a SPI firewall often even needs to inspect the payload, e.g. for FTP, to change private to public IPs, read port negotiations, and more. That corresponds to Layer 5 and up.

Implementing a good SPI firewall is quite complex because of that, and I don't think you will find any documentation readily composed for that reason.
0
 

Author Closing Comment

by:student_23
ID: 34223786
lanboyo and Qlemo,

Thank you very much for your valuable insight.  I did look in my book but there's isn't more information on SPI.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
How to fix display issue, screen flickering issue when I plug in power cord to the machine. Before I start explaining the solution lets check out once the issue how it looks like after I connect the power cord. most of you also have faced this…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question