What are TCP and IP in networking?
TCP (Transmission Control Protocol) is a Layer 4 protocol that runs on top of IP (Internet Protocol). TCP provides reliable, ordered, and error-checked delivery of data, while IP handles addressing and routing packets between hosts.
What are well-known ports?
Well-known ports are specific TCP/UDP port numbers associated with popular services (e.g., TCP 80 for HTTP, TCP 443 for HTTPS).
What is an ephemeral port?
An ephemeral port is a temporary port number (typically in the range 1024–65535) chosen by the client to initiate a connection.
What are the two main parts of a TCP connection?
The request, where the client connects to the server, and the response, where the server replies to the client.
What uniquely identifies a TCP connection?
The combination of source IP, source port, destination IP, and destination port.
What does the client use as the destination port when initiating a TCP connection?
A well-known port (e.g., TCP port 443 for HTTPS).
What does the server use as the destination port when replying?
The client’s ephemeral port originally used during the request.
What does it mean that directionality is "perspective-based"?
The same traffic is outbound from the client and inbound to the server. Direction (inbound or outbound) depends on where you are observing the traffic from.
What is a stateless firewall?
A firewall that does not track or remember the state of connections. It evaluates each packet in isolation.
How many rules are needed in a stateless firewall for one TCP connection?
Two: one for the request (e.g., inbound to server) and one for the response (e.g., outbound from server).
Why do stateless firewalls require more administrative overhead?
Because you must explicitly define both the request and the response as separate rules.
Why do stateless firewalls often allow a wide range of ports?
Because the client uses a random ephemeral port for the response destination, and the firewall doesn’t know which one in advance.
What is a stateful firewall?
A firewall that tracks the state of connections and automatically allows associated response traffic once the request is permitted.
How does a stateful firewall simplify configuration?
It allows admins to define only the request rule; the firewall automatically allows the response traffic.
Why are stateful firewalls generally considered more secure?
Because they do not require broad port allowances and minimize configuration errors.
In the case of a client requesting a webpage, how is the traffic viewed by the client?
The request is outbound, and the response is inbound.
In the same scenario, how is the traffic viewed by the server?
The request is inbound, and the response is outbound.
If a server downloads software updates, what direction is the request?
Outbound (from server to update server).
In that same case, what direction is the response?
Inbound (from update server to server).
Why is it important to understand the direction of the request in firewall configuration?
Because the direction of the response is always the inverse, and you must configure rules accordingly (especially in stateless firewalls).
What port range typically defines ephemeral ports?
1024 to 65535 (though OS-dependent).
Why do stateless firewalls make security engineers uneasy?
Because they often require opening a wide range of ephemeral ports, increasing the attack surface.
Why do stateful firewalls not require opening the full ephemeral port range?
They automatically identify the correct response port based on the original request and allow it without needing a broad rule.
In AWS, what kind of firewall are network ACLs (NACLs)?
Stateless firewalls.
In AWS, what kind of firewall are security groups?
Stateful firewalls.
Which type of firewall is easier to manage: stateful or stateless?
Stateful, because it tracks connection states and reduces manual rule duplication.
Can a single connection (from a human point of view) result in multiple packets?
Yes, TCP connections are made up of many packets flowing between the client and server.
What is the best way to start thinking about firewall rules?
First identify the direction of the request, then infer the response, and configure the firewall appropriately.
What is the default behavior of a stateful firewall regarding response traffic?
It automatically allows it once the request has been permitted.
What happens if a stateless firewall does not have a rule for the response?
The response traffic is blocked, and the connection fails.
When are stateless firewalls appropriate to use?
When fine-grained, unidirectional control is required and the overhead is acceptable, or in low-traffic environments.
When are stateful firewalls preferable?
In most modern systems where maintaining connection state simplifies rules and enhances security.