Which of the following occurs at Layer 7 of the OSI model?
- Packet filtering
- Stateful firewall operation
- Deep packet inspection
Explanation: Deep packet inspection is performed by application firewalls, which operate at layer 7 (the Application layer) of the OSI model. This is the examination of the actual data portion of the IP packet. An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device, such as a switch or a router.
Stateful firewall operation occurs at Layer 3. This type of inspection monitors the TCP three-way handshake which occurs at Layer 3. Stateful firewalls, monitor the state of each TCP connection as well. When traffic is encountered, a stateful firewall first examines a packet to see if it is the result of a previous connection. Information about previous connections is maintained in the state table.
With a stateful firewall, a packet is allowed if it is a response to a previous connection. If the state table holds no information about the packet, the packet is compared to the access control list (ACL). Depending on the ACL, the packet will be forwarded to the appropriate host or dropped completely.
Packer filtering can be done based on IP addresses and port numbers. That means this type of filtering occurs at Layer 3 and 4.
VLANs filter traffic by MAC addresses, and as such operate at Layer 2 of the OSI model.
Objective: Network Concepts
Sub-Objective: Compare and contrast deep packet inspection with packet filtering and stateful firewall operation.