- Firewall Review
- Static Firewall
- Stateful Firewall
- The Internet Connection Firewall
- Enabling & Disabling the ICF
- Services Options
- Adding a Service
- Programs Options
- Security Logging Options
- Setting up Security Logging
- ICMP Options
- Adjusting the ICMP Options
- Understanding the ICMP options
- Issues to clarify before enabling Internet Connection Sharing
- Enabling / Adjusting / Disabling Internet Connection Sharing
- Summary of the ICF
A stateful firewall also examines a packet at the network layer and compares the source and destination IP address using a set of guidelines created by a network administrator. However, it goes one step further in that it also looks at the data the packet is carrying and protects the network up to the Application layer (Fig. 5-1) . This allows an internal computer to host a web service such as an Email or FTP server. By ensuring that the data in the packet is valid, the firewall can prevent hackers from using the services as relay points to pass unauthorized data.
Also, as a stateful firewall processes incoming and outgoing packets, it records the origin of the connection. The connection tag is then compared against any other incoming packets that are destined for an internal computer to ensure that it is expected. This provides an extra layer of protection in case a hacker spoofs a packet or hijacks a connection.
In addition, a stateful firewall keeps all ports closed until an internal computer requires them. This type of protection effectively turns a computer invisible to those on the Internet ("stealth mode"). Unless a hacker happens to do a port scan when a connection is in use, the scan will come back blank.