1
00:00:00,06 --> 00:00:03,02
- [Instructor] Another way to classify firewalls

2
00:00:03,02 --> 00:00:07,00
is by how they examine packets.

3
00:00:07,00 --> 00:00:12,01
There are generally two ways firewalls examine packets.

4
00:00:12,01 --> 00:00:15,07
One is static packet filtering, or SPF,

5
00:00:15,07 --> 00:00:19,09
which inspects packets one at a time.

6
00:00:19,09 --> 00:00:24,02
This approach doesn't use any memory.

7
00:00:24,02 --> 00:00:26,03
The second way is referred to

8
00:00:26,03 --> 00:00:30,09
as stateful packet inspection, or SPI,

9
00:00:30,09 --> 00:00:36,01
which inspects packets in relation to previous packets.

10
00:00:36,01 --> 00:00:40,04
This approach uses memory that remembers

11
00:00:40,04 --> 00:00:42,09
the details about each packet

12
00:00:42,09 --> 00:00:45,05
and because of the use of the memory,

13
00:00:45,05 --> 00:00:48,06
it has substantial advantages.

14
00:00:48,06 --> 00:00:52,03
What does a static packet filtering firewall examine?

15
00:00:52,03 --> 00:00:56,02
It looks at source IP, destination IP,

16
00:00:56,02 --> 00:01:00,08
source port number, and destination port number.

17
00:01:00,08 --> 00:01:05,04
What is then the advantage of stateful packet inspection

18
00:01:05,04 --> 00:01:08,07
over static packet filtering?

19
00:01:08,07 --> 00:01:12,00
The main advantage is since it has memory,

20
00:01:12,00 --> 00:01:15,04
it doesn't need to inspect all the details of packets

21
00:01:15,04 --> 00:01:18,00
every time it sees a packet.

22
00:01:18,00 --> 00:01:22,08
For example, let's say that an incoming or ingress packet

23
00:01:22,08 --> 00:01:28,01
is sent as a response to an egress or outgoing packet.

24
00:01:28,01 --> 00:01:31,02
Since the stateful packet inspection firewall knows

25
00:01:31,02 --> 00:01:33,04
it's a response to an outgoing packet,

26
00:01:33,04 --> 00:01:37,00
it doesn't inspect all the packet details.

27
00:01:37,00 --> 00:01:38,08
It simply accepts it.

28
00:01:38,08 --> 00:01:43,02
However, in the case of static packet filtering firewalls,

29
00:01:43,02 --> 00:01:45,04
because they don't have any memory,

30
00:01:45,04 --> 00:01:49,04
they treat the packet as if they never saw it.

31
00:01:49,04 --> 00:01:52,02
Despite this disadvantage,

32
00:01:52,02 --> 00:01:55,07
static packet filtering firewalls have their own advantage

33
00:01:55,07 --> 00:01:59,01
over stateful packet inspection firewalls.

34
00:01:59,01 --> 00:02:02,02
One of the advantages is their simplicity,

35
00:02:02,02 --> 00:02:06,05
which makes them easy to configure and maintain,

36
00:02:06,05 --> 00:02:08,04
and because they're simple,

37
00:02:08,04 --> 00:02:11,06
they also require less computing resources

38
00:02:11,06 --> 00:02:13,05
when they're running.

39
00:02:13,05 --> 00:02:15,06
Most of the modern firewalls are

40
00:02:15,06 --> 00:02:18,00
stateful packet inspection firewalls.