Stateful firewalls are only seeing one aspect of the security picture by looking at the packet header. We need firewalls to perform more content filtering and deep packet inspection.

Network firewalls were created as the primary perimeter defense for most organizations, but since its creation the technology has spawned many iterations: proxy, stateful, Web app, next-generation ...

Traditionally, firewalls are designed to monitor states of network traffic, using stateful packet inspection (SPI) to make decisions about the risk from incoming traffic and resource requests.

Today's technologies include stateful firewalls, which track network connections, such as TCP or UDP. In other words, a stateful firewall analyses each packet in context, not in isolation.

In a 12-month study (PDF) spanning from October 2009 to September 2010, the firm discovered that the improper use of stateful firewalls has actually left many ISPs more susceptible to DDoS.

But there is a trade-off between performance gains and security. Stateful packet filters use a state table to keep track of which packets should be permitted through the firewall, and this state ...

Historically, firewalls have been the primary stateful network device. Operating at the WAN boundary to protect an organization from incoming traffic, a firewall’s relatively slow throughput ...

Stateful Packet Inspection (SPI) is a more advanced router firewall that studies a greater number of packet characteristics before deciding to allow it in. For example, SPI will look at the nature ...