Stateful Firewall vs. Stateless: What’s the Difference?


While both stateful and stateless firewalls act as security guards for your network, they work in fundamentally different ways. In this article, I’ll break down these differences in plain English and help you understand why a stateful firewall is the better choice for most users.

What Is a Stateless Firewall and How Does It Work?

Stateless firewalls were the first type of firewalls, introduced in the early 1980s as basic packet-filtering firewalls.

They operate by examining each packet of data as it arrives at the network’s edge, independently of any other packets. Their name is derived from the fact that they don’t maintain any information about the state of network connections, such as whether a packet is part of an existing session or if it’s a new connection attempt. Instead, they make decisions based solely on the characteristics of each packet, like its source and destination IP addresses, ports, and the protocol used.

Cisco PIX hardware stateless firewall. Image source: Serial Port

The characteristics of each packet are then inspected against a set of predefined rules, which tell the firewall whether to allow or deny them in a straightforward manner: if a packet matches an allow rule, it’s let through; if it matches a deny rule, it’s blocked. For example, you might create a rule that permits traffic on port 80 (HTTP) or port 443 (HTTPS) but doesn’t allow any traffic on port 23 (Telnet), which is often considered insecure and outdated.

The straightforward nature of stateless firewalls made them relatively efficient and easy to configure, but their limitations became increasingly apparent as the internet evolved and network communications became more complex. That’s why stateless firewalls are now used mostly in very specific scenarios where basic packet filtering is sufficient, such as protecting simple network segments with predictable traffic patterns.


What Is a Stateful Firewall and How Does It Work?

Unlike their stateless predecessors, stateful firewalls (developed in the mid-1990s) take into consideration the entire context of network connections. As such, a stateful firewall is like a security guard with an excellent memory who not only checks IDs but also remembers who entered the building.

This is essential because modern cyber attacks use and abuse legitimate packets to achieve their goals. Arguably the best example of this is a Distributed Denial of Service (DDoS) attack, which floods the system with so many legitimate packets that the target network becomes overwhelmed. With a stateful firewall, this kind of attack can be detected and mitigated because the firewall keeps track of network connections in what’s known as a state table or connection table.

Windows Firewall

When a new connection is initiated, such as a user visiting a website, the firewall logs the details of this connection in the state table. When subsequent packets arrive, the firewall checks them against the state table to see whether each packet is part of an existing, authorized connection. If a packet’s details match an entry in the state table, it’s allowed to pass because it’s part of a known session. If not, and the packet doesn’t qualify as a permitted new connection, it is rejected. A stateless firewall, on the other hand, would judge each such packet on its header fields alone and let it through as long as it matched an allow rule.
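To make the difference concrete, here is a small simulation I’ve added for this article (it is not code from any of the firewalls named here). It runs a constructed three-packet trace through a port-based stateless rule set and through a stateful filter with a state table; the IP addresses, ports and rules are all made up for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving the protected host, "in" = arriving from outside

# Stateless rule set (constructed for this example): each entry is
# (direction, src_port, dst_port), where None matches any port.
STATELESS_RULES = [
    ("out", None, 80),  # allow outbound HTTP requests
    ("in", 80, None),   # allow inbound packets that come from a web server's port
]

def stateless_allow(pkt):
    """Judge one packet on its own header fields, with no memory of others."""
    for direction, src_port, dst_port in STATELESS_RULES:
        if (pkt.direction == direction
                and src_port in (None, pkt.src_port)
                and dst_port in (None, pkt.dst_port)):
            return True
    return False  # nothing matched: implicit deny

class StatefulFirewall:
    """Same outbound policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.state_table = set()  # entries: (src_ip, src_port, dst_ip, dst_port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dst_port == 80:
                # New permitted connection: record it so the reply can be matched.
                self.state_table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return True
            return False
        # Inbound is allowed only if it is the reverse of a connection we started.
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.state_table

def run_trace():
    """Constructed packet sequence; returns {name: (stateless_decision, stateful_decision)}."""
    fw = StatefulFirewall()
    trace = [
        ("request", Packet("10.0.0.5", 51000, "203.0.113.10", 80, "out")),
        ("reply", Packet("203.0.113.10", 80, "10.0.0.5", 51000, "in")),
        # Unsolicited inbound packet whose source port happens to be 80.
        ("unsolicited", Packet("198.51.100.7", 80, "10.0.0.5", 22, "in")),
    ]
    return {name: (stateless_allow(p), fw.allow(p)) for name, p in trace}
```

The stateless rules accept all three packets, while the stateful filter accepts the request and its reply but rejects the unsolicited packet because no matching connection exists in its state table.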

Today, you will find stateful inspection technology in nearly every major firewall solution, including Windows Firewall, Bitdefender Firewall, and Comodo Firewall, just to give three examples.

Can a Stateful Firewall Protect Against the Latest Threats?

While stateful firewalls provide significantly better protection compared to their stateless counterparts, they are not without their limitations because they typically inspect only the headers of packets when making their decisions. As a result, they can be blind to attacks where malicious content is carried within the packet payload. In today’s cyber threat landscape, many attacks fall into this category.


This is where next-generation firewalls (NGFW) come into play. Unlike traditional firewalls, NGFWs can inspect the entire packet, including its contents – similar to how security guards in places like airports have X-ray machines that can spot concealed threats.

However, even the most advanced stateful or next-generation firewalls must be part of a layered security approach that also includes up-to-date anti-malware software, regular system updates and patches, strong passwords and multi-factor authentication, safe browsing habits, and regular data backups.

Cover image generated by Grok.


David Morelo