Why should an IPS be Stateful?
Every operating system implementation has security leaks that are known to hackers throughout the world. In the 1990’s, stateful inspection became the industry standard for network security solutions to address malicious attacker behavior. An IPS should also incorporate “always on” stateful inspection to allow continuous monitoring of packets. As well as examining header information, stateful inspection allows the entire packet content (up through the application layer) to be examined to determine more context about the packet beyond its source and destination information. In addition, stateful inspection monitors the state of a connection and compiles historic information in a state or session table. As a result, dynamic filtering decisions can be expanded beyond administrator-defined rules that simply block known IP addresses or TCP ports (as in static packet filtering) to take into account the context of a packet that has been established by packets that previously passed through th
