Which of the following statements is true regarding traditional stateful packet-filtering firewalls? (Select the best answer.)
- They are more efficient than stateless packet-filtering firewalls.
- They can operate at Layers 3, 4, 5, and 7 of the OSI model.
- They prevent more types of attacks than Application layer firewalls do.
- They can defend against DoS attacks.
Stateful packet-filtering firewalls can defend against Denial of Service (DoS) attacks. Stateful packet-filtering firewalls use a state table to track session information, which they maintain in order to determine whether packets should be permitted or blocked. For example, when monitoring Transmission Control Protocol (TCP) traffic, the stateful packet filter adds an entry to the state table when a TCP session is permitted. Subsequent packets are verified against the state table to ensure that they belong to an established connection. If a TCP packet does not belong to an established connection, it is dropped. Thus, if an attacker attempts to send a flood of packets to the network, the packets will be dropped if they do not match a connection in the table.
By contrast, a stateless packet-filtering firewall, which is also referred to as a static packet-filtering firewall, evaluates and either blocks or allows individual packets based on the Layer 3 and Layer 4 information in the packet header. Specifically, stateless packet-filtering firewalls can use the source and destination IP addresses, source and destination port numbers, and protocol type listed in the packet header; these values are commonly known as the 5-tuple. Because a stateless packet-filtering firewall allows all traffic from an approved IP address, stateless packet-filtering firewalls are susceptible to IP spoofing attacks, a type of attack in which an attacker uses the source IP address of a trusted host to send messages to other computers. In addition, because a stateless packet-filtering firewall does not maintain a table of active connections, it is more efficient than a stateful packet-filtering firewall.
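The following added example (not part of the original page) runs the same packets through a stateless 5-tuple filter and a stateful filter with a state table, so the difference in verdicts is visible. The addresses, the TCP/443 policy, and the simplified flag handling (no timeouts, teardown, or sequence checks) are assumptions made for illustration.

```python
from collections import namedtuple

# Simplified packet: the 5-tuple plus a TCP flag string (constructed model).
Packet = namedtuple("Packet", "src sport dst dport proto flags")

INSIDE_HOST = "10.0.0.5"   # assumed approved address
ALLOWED_DPORT = 443        # assumed policy: inside host may open TCP/443

def policy_permits_new(pkt):
    """Rule base consulted for the first packet of a session."""
    return (pkt.proto == "tcp" and pkt.src == INSIDE_HOST
            and pkt.dport == ALLOWED_DPORT)

def stateless_filter(pkt):
    """Static filter: judges each packet by its header alone, so return
    traffic needs a broad 'from port 443 to the inside host' rule."""
    reply_rule = (pkt.proto == "tcp" and pkt.sport == ALLOWED_DPORT
                  and pkt.dst == INSIDE_HOST)
    return policy_permits_new(pkt) or reply_rule

class StatefulFilter:
    def __init__(self):
        self.state_table = set()   # permitted sessions, keyed by 5-tuple

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.state_table or reverse in self.state_table:
            return True            # belongs to an established connection
        if pkt.flags == "S" and policy_permits_new(pkt):
            self.state_table.add(key)   # session permitted: add an entry
            return True
        return False               # no matching session: drop

def run(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.allow(p)) for p in packets]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "198.51.100.7", 443, "tcp", "S"),   # session opens
    Packet("198.51.100.7", 443, "10.0.0.5", 50000, "tcp", "SA"),  # genuine reply
    Packet("203.0.113.9", 443, "10.0.0.5", 50000, "tcp", "A"),    # no session
    Packet("203.0.113.9", 443, "10.0.0.5", 61000, "tcp", "A"),    # no session
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, run(SAMPLE)):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

The last two packets pass the stateless reply rule on header fields alone but are dropped by the stateful filter because no state-table entry matches them.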
Traditional stateful packet-filtering firewalls can operate at Layers 3, 4, and 5 of the Open Systems Interconnection (OSI) model but not at Layer 7. Application inspection firewalls, also known as application proxies, can operate at Layer 7 (the Application layer) as well as at Layers 3, 4, and 5. This enables application inspection firewalls to prevent more types of attacks than traditional stateful packet-filtering firewalls do. Because they can operate at the Application layer, application inspection firewalls can be used to block application-specific traffic.