Stateless vs Stateful Firewalls

Ref: https://learn.cantrill.io/courses/2022818/lectures/45660747 [TECH-FUNDAMENTALS] =OR= https://learn.cantrill.io/courses/1820301/lectures/41301354 [SAA-C03]

YouTube: https://www.youtube.com/watch?v=rL4-vbsN35w

TCP connections, ports and directionality

TCP is a connection based protocol → A bi-directional connection is established between two devices using a random/ephemeral port on a client and a known port on the server
- For HTTPS, the TCP port on the server is always 443
- Range of random/ephemeral ports = 1024-65535
  - Actual range depends on the OS of the client machine! → we need to allow all possible ephemeral ports though
Each connection has 2 parts: request and response.
Directionality of a connection = inbound/outbound
- ‼️ Depends on perspective (client/server)

🔧 Examines each individual NW packet in isolation
- Layers 3 & 4 of OSI-7L Model
Makes decisions based on predetermined rules, without keeping track of the state of the NW connection
- ❗ Needs TWO rules per connection (1 IN, 1 OUT)
- 💡 When configuring, always start by thinking “is the request coming IN or OUT of my machine?” → Then I need to add an inverse rule too for the response
Needs to allow the whole range of ephemeral ports (1024-65535) in its rules in order to allow incoming connections
- 👎 Significant admin overhead, prone to mistakes → Makes security engineers uneasy

🔧 Monitors and tracks state of NW connections → keeps track of individual NW sessions
- Layer 5 of OSI-7L Model
Intelligent enough to identify request & response as being related → makes more informed decisions about what NW traffic to allow or deny.
- ❗ Needs ONE rule per connection
- You only need to know if the request is allowed (IN or OUT) → the response is automatically allowed (OUT or IN)
- 👍 Reduces admin overhead & mistakes