?
Solved

What OSI layer(s) does a stateful packet inpection firewall work at?

Posted on 2010-11-26
3
Medium Priority
?
3,082 Views
Last Modified: 2012-06-22
Greetings Experts,

I'm studying for the CompTIA Security+ exam and I'm reading material on SPI firewalls or Stateful Packet Inspection.  One aspect that I'm having a little of trouble grasping is at what layer(s) does SPI work at?  I went online and found Layer 3 but other sources say its Layer 3 and Layer 4.  I was wondering if someone could clarify and point me to some definite sources where I can find this information like Cisco's site or some other reputable networking company.  Thanks in advance experts.  
0
Comment
Question by:student_23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 10

Accepted Solution

by:
lanboyo earned 1600 total points
ID: 34219781
A stateful packet firewall would be inspecting at layer 4 and up.

Since the firewall is keeping track of the state of tcp sessions as they are traversing it, it is looking at ( for instance ) the tcp syn, ack bits as well as tcp source and destination ports.

If it was an IP source and destination only filter or access list this would be a level 3 OSI thing.

Best place to find this would be a security plus bran dump sad to say. These are security abstractions that relate to security abstractions.
0
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 400 total points
ID: 34221509
I agree to the above. Please keep in mind that TCP/IP is NOT working exactly with OSI Layers. Some of the protocols act on more than one layer, or in-midst of them. So an exact assignment isn't feasible in many cases.
About the "4 and up", a SPI firewall often even needs to inspect the payload, e.g. for FTP, to change private to public IPs, read port negotiations, and more. That corresponds to Layer 5 and up.

Implementing a good SPI firewall is quite complex because of that, and I don't think you will find any documentation readily composed for that reason.
0
 

Author Closing Comment

by:student_23
ID: 34223786
lanboyo and Qlemo,

Thank you very much for your valuable insight.  I did look in my book but there's isn't more information on SPI.
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Suggested Courses
Course of the Month10 days, 14 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question