Firewalls are deployed in networks to prevent unauthorized activity. Traditionally, most attempts at unauthorized activity on a network come from outside the network, so a firewall is typically deployed between an intranet and a connection to a wider network. Because checking for unauthorized activity slows down network traffic, firewalls usually present a tradeoff between security and speed. Firewalls may be divided into three categories, based in part on this tradeoff.
Firewalls in the first category filter data packets based on header fields of the packets. While these filter-based firewalls are simple to design and can rapidly determine whether or not a packet meets a filtering rule, they cannot detect more sophisticated attacks, such as when a traffic flow hides malicious activity within a seemingly benign traffic protocol.
Firewalls of the second category, referred to as proxy firewalls, serve as a proxy between a server and an end-host. Every message exchanged between the server and the end-host is parsed by the proxy firewall, which applies sophisticated rules that consider the state of the exchange between the server and the end-host as well as the individual packet. Proxy firewalls therefore offer the highest level of security, but they require a great deal of computing power and often too much processing time to be practical in a large-scale computer network.
The final category, stateful firewalls, represents a compromise between the other two categories. Like a proxy firewall, a stateful firewall makes a close examination of the initialization of a traffic flow and blocks unauthorized traffic flows. But if the traffic flow passes the initial test, the stateful firewall creates a state corresponding to the traffic flow, and all further packets matching the characteristics of the traffic flow may pass rapidly through the firewall. Stateful firewalls therefore provide better protection from malicious activities than a filter-based firewall, but without creating the traffic slowdowns associated with proxy firewalls. Stateful firewalls nonetheless reduce network performance. If the network is to be defended against unauthorized activity, all network activity must pass through the stateful firewalls, limiting network bandwidth.
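As an added illustration (not part of the original text), a minimal model of the stateful behavior described above: only a flow-initiating TCP packet is checked against the rule set, an admitted flow is recorded in a state table, and later packets of that flow, in either direction, are forwarded on a state lookup alone; a packet with no state that is not a flow start is dropped because it never went through initialization. The packet fields, rule set and addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # set on the connection-initiating packet
    fin: bool = False  # set when a side closes the connection
# Consulted only at flow initialization: (host, port) pairs that may accept
# new inbound TCP connections (constructed values).
ALLOWED_SERVICES = {("10.0.0.5", 443), ("10.0.0.7", 22)}

@dataclass
class StatefulFirewall:
    rules: set
    state: set = field(default_factory=set)  # keys of admitted flows
    def check(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.state or rev in self.state:
            # Fast path: the flow passed inspection, so no rule evaluation.
            if p.fin:
                self.state.discard(fwd)
                self.state.discard(rev)
                return "allow:closing"
            return "allow:established"
        if not p.syn:
            # No state and no SYN: the flow was never initialized, so drop it.
            return "drop:no-state"
        if (p.dst, p.dport) not in self.rules:
            return "drop:rule"
        self.state.add(fwd)  # later packets of this flow take the fast path
        return "allow:new"

def run_sample() -> list:
    """Drive the model with a constructed packet sequence; return decisions."""
    fw = StatefulFirewall(ALLOWED_SERVICES)
    c, s = ("198.51.100.9", 40001), ("10.0.0.5", 443)
    seq = [
        Packet(*c, *s, syn=True),              # client opens a permitted flow
        Packet(*s, *c),                        # server reply, matched in reverse
        Packet(*c, *s),                        # client data on the open flow
        Packet("203.0.113.4", 5555, *s),       # no SYN and no state
        Packet(*c, "10.0.0.5", 80, syn=True),  # SYN to a service not in rules
        Packet(*c, *s, fin=True),              # client closes; state removed
        Packet(*c, *s),                        # data after close: state is gone
    ]
    return [fw.check(p) for p in seq]
```

The slowdown the text describes is visible in `check`: the rule set is consulted only on the `allow:new` path, while every other decision is a set lookup.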
A system to provide a scalable stateful firewall to a network would therefore be of great benefit to computer networks, particularly a system that allows approved traffic flows to bypass a firewall.