 |
 |
|
Glossary of Firewall related terms
(May not consist solely of Firewall related terms)
Gratuitous ARP Request (also known as “ARP announcement”):
Gratuitous ARP Request (also known as “ARP announcement”) is a type of request that is unsolicited, and is normally not intended to cause a reply. While Gratuitous ARP Requests can serve many purposes, 2,3 the most prominent use of such a request is for a host to announce its existence in the network.
Comodo - Personal Firewall PRO offers its users to disable Gratuitous ARP Requests entirely while Jetico - Personal Firewall offers to block just the Gratuitous ARP Requests in an event of an IP conflict (this is where the source IP address being used by another machine on the same network).
Packet filter:
A firewall technique that examines the headers of traversing packets, coming from and going out to internet, and either grants or denies permission based on information held within the packet header according to a set of filters (rules).
Packet filters operate at the network layer (layer-3) and lower and function more efficiently because they only look at the header part of a packet. However, basic / pure packet filters have no concept of state as defined by computer science using the term finite state machine and are subject to spoofing attacks and other exploits. And since the pure packet filters have no concept of connection state, we also refer to this technology as stateless or static packet filters.
Firewall:
A software or hardware system designed to specifically provide protective barrier, it prevents unauthorized access to and from a private network.
Stateful Inspection:
Stateful Inspection Firewall Technology, a term coined by Check Point Software Technologies (Patent #5,606,668) in 1993, and was first implemented in Check Point's FireWall-1 product that came out the same year. Stateful packet filtering (also refered as advanced form of packet filtering) that provides accurate and highly efficient traffic inspection, and with full application-layer awareness for the highest level of security.
Stateful filtering:
Describes a method for the analysis and tracking of sessions based upon source/destination IP address and source/destination ports. A stateful filtering firewall registers connection data and compiles this information in a kernel-based state table. A stateful firewall examines packet headers and, essentially, remembers something about them (generally source/destination IP address/ports). The firewall then uses this information when processing later packets.
Deep Packet Inspection:
Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction - IX -) is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information.
(May not consist solely of Firewall related terms)
Gratuitous ARP Request (also known as “ARP announcement”):
Gratuitous ARP Request (also known as “ARP announcement”) is a type of request that is unsolicited, and is normally not intended to cause a reply. While Gratuitous ARP Requests can serve many purposes, 2,3 the most prominent use of such a request is for a host to announce its existence in the network.
Comodo - Personal Firewall PRO offers its users to disable Gratuitous ARP Requests entirely while Jetico - Personal Firewall offers to block just the Gratuitous ARP Requests in an event of an IP conflict (this is where the source IP address being used by another machine on the same network).
Packet filter:
A firewall technique that examines the headers of traversing packets, coming from and going out to internet, and either grants or denies permission based on information held within the packet header according to a set of filters (rules).
Packet filters operate at the network layer (layer-3) and lower and function more efficiently because they only look at the header part of a packet. However, basic / pure packet filters have no concept of state as defined by computer science using the term finite state machine and are subject to spoofing attacks and other exploits. And since the pure packet filters have no concept of connection state, we also refer to this technology as stateless or static packet filters.
Firewall:
A software or hardware system designed to specifically provide protective barrier, it prevents unauthorized access to and from a private network.
Stateful Inspection:
Stateful Inspection Firewall Technology, a term coined by Check Point Software Technologies (Patent #5,606,668) in 1993, and was first implemented in Check Point's FireWall-1 product that came out the same year. Stateful packet filtering (also refered as advanced form of packet filtering) that provides accurate and highly efficient traffic inspection, and with full application-layer awareness for the highest level of security.
Check Points own brief description;
- "Stateful Inspection, invented and patented by Check Point, is the de facto standard in network security technology. Stateful Inspection provides accurate and highly efficient traffic inspection with full application-layer awareness for the highest level of security. Customers experience higher performance, scalability, and the ability to support new and custom applications much more quickly than with older architectures."
Note: Firewall vendors in the past advertised their products with SPI support, but with no Deep Packet Inspection (DPI) support ... no Application-layer awareness for the highest level of security, so we refer to these designs normally as SPF (Stateful Packet filtering) or simple SPI (Stateful packet Inspection)
Stateful filtering:
Describes a method for the analysis and tracking of sessions based upon source/destination IP address and source/destination ports. A stateful filtering firewall registers connection data and compiles this information in a kernel-based state table. A stateful firewall examines packet headers and, essentially, remembers something about them (generally source/destination IP address/ports). The firewall then uses this information when processing later packets.
Deep Packet Inspection:
Deep Packet Inspection (DPI) (also called complete packet inspection and Information eXtraction - IX -) is a form of computer network packet filtering that examines the data part (and possibly also the header) of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination, or for the purpose of collecting statistical information.
