Showing results for 
Search instead for 
Did you mean: 
Create a Post

Principles of Check Point Architecture


Principles of Check Point Architecture

by Valeri Loukine



Stateful Inspection

In the History article, we mentioned that Stateful Inspection technology is much more efficient and secure than Static Packet Filtering.  Let’s try to prove this statement and understand its technological basis.


Static Packet Filtering (SPF) is a method to control network access by checking the IP header of a packet and comparing its data with an access list, which contains access restrictions and allowances.  Practically any UNIX, BSD or Linux machine is capable of performing this function natively.  With SPF, the security decision is made by the kernel’s IP stack in conjunction with an IP forwarding decision.  This function is always performed on a per packet basis.


Static Packet Filtering is incapable of enforcing anything more complex than just a simple verification of Layers 3 and 4 parameters, such as IP addresses and sometimes port numbers.  It also has performance drawbacks, as the security d

TO READ THE FULL POST it's simple and free
1 Comment