Which of the following statements is true regarding stateful firewalls? (Select the best answer.)
- Their primary purpose is to hide the source of a network connection.
- They operate at the Application layer of the OSI model.
- They allow traffic into a network only if a corresponding request was sent from inside the network.
- They can block traffic that contains specific web content.
Explanation:
Stateful firewalls allow traffic into a network only if a corresponding request was sent from inside the network. A stateful firewall makes filtering decisions based on previous packets that have been sent. It does so by keeping track of the state of each session. When an outbound session is initiated, the stateful firewall will create an entry in the firewall’s state table and dynamically allow the return traffic in the inbound direction. Inbound traffic from other sources will be blocked unless there is a corresponding outbound session listed in the state table. Stateful firewalls are more secure than packet filtering firewalls, which make filtering decisions based on each packet individually without regard to session state.
The primary purpose of a stateful firewall is not to hide the source of a network connection. If you want to hide the source of a network connection, you should use a proxy firewall or implement Network Address Translation (NAT) or Port Address Translation (PAT). A proxy firewall terminates the connection with the source device and initiates a new connection with the destination device, thereby hiding the true source of the traffic. When the reply comes from the destination device, the proxy firewall forwards the reply to the original source device. NAT is used to translate private addresses used on an internal network to public addresses that are routable over the Internet. Because NAT performs address translation between private and public addresses, NAT effectively hides the address scheme used by the internal network, which can increase security. NAT also reduces the number of public IP addresses that a company needs to allow its devices to access Internet resources, thereby conserving IP version 4 (IPv4) address space.
Stateful firewalls do not operate at the Application layer of the Open Systems Interconnection (OSI) model. Both stateful firewalls and packet filtering firewalls operate at the Network layer and the Transport layer of the OSI model. Stateful firewalls and packet filtering firewalls do not understand Application layer data, so they cannot filter traffic based on that data. For example, a stateful firewall cannot block traffic that contains specific web content, because the stateful firewall does not understand Hypertext Transfer Protocol (HTTP) data.
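As an added illustration (not part of the original question or its explanation), the following Python simulation contrasts the two decision models described above: a packet filter that judges each packet on its own, and a stateful filter that records outbound sessions in a state table and admits inbound packets only when they match a tracked session. The packets, addresses and port numbers are constructed for the demonstration, and the stateless rule set (allow inbound packets whose source port is 80 or 443, the classic way to let web replies back in without state) is an assumed example policy, not a recommendation.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal packet header model: 5-tuple plus the direction seen by the firewall."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving the internal network, "in" = arriving from outside


SessionKey = Tuple[str, str, int, str, int]


class StatelessPacketFilter:
    """Packet filter: every packet is judged in isolation, nothing is remembered."""

    def __init__(self, allowed_inbound_src_ports):
        # Assumed rule: inbound packets are allowed if they come *from* one of these ports,
        # which is how a stateless filter typically lets web reply traffic back in.
        self.allowed_inbound_src_ports = set(allowed_inbound_src_ports)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            return "ALLOW"
        return "ALLOW" if pkt.src_port in self.allowed_inbound_src_ports else "DENY"


class StatefulFirewall:
    """Stateful filter: outbound sessions populate a state table; inbound must match it."""

    def __init__(self):
        self.state_table: Dict[SessionKey, str] = {}

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Record the outbound session so its return traffic can be admitted.
            key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.state_table[key] = "ESTABLISHED"
            return "ALLOW"
        # Inbound: look up the mirror image of this packet's 5-tuple.
        reverse_key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "ALLOW" if reverse_key in self.state_table else "DENY"


def run(firewall, packets: List[Packet]) -> List[str]:
    """Feed packets through a firewall in order and collect its verdicts."""
    return [firewall.decide(p) for p in packets]


# Constructed traffic sample: one legitimate web session plus two unsolicited inbound packets.
PACKETS = [
    Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 443, "out"),   # internal host opens HTTPS
    Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 51000, "in"),    # genuine reply to that session
    Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 51000, "in"),    # unrelated host, src port 443
    Packet("tcp", "198.51.100.7", 40000, "10.0.0.5", 22, "in"),     # unsolicited SSH attempt
]


def compare() -> Dict[str, List[str]]:
    """Return the verdict list of each firewall model for the sample traffic."""
    return {
        "stateless": run(StatelessPacketFilter({80, 443}), PACKETS),
        "stateful": run(StatefulFirewall(), PACKETS),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:9s}", verdicts)
```

The stateless filter admits the third packet because its source port matches the "reply traffic" rule, even though no internal host ever contacted 198.51.100.7; the stateful firewall denies it because no matching outbound session exists in the state table. Both models deny the fourth packet, but only the stateful one does so without relying on guesses about port numbers.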