SPI firewall


SPI (Stateful Packet Inspection) is one of many features you might encounter in the advanced settings of your router or any cybersecurity software. Before trying to configure it, first learn about its purpose and principle of operation. It is in fact a very smart solution, working in the background for your online security!

What is SPI firewall?

Stateful inspection is not a single distinct technique. It is an approach to network security whose specifics are implementation-dependent. As the name implies, the point is to inspect packets depending on the current state. As the state changes, the inspection rules are adjusted as well. That’s why another name for this method is dynamic packet filtering. The details get quite complicated, so let’s explain what the state actually is and what the consequences of this approach are.

The data passing through every network is split into packets. Each of them belongs to a specific connection (referred to as a network session). The firewall notes the establishment and termination of every such connection and monitors it. Each session is only allowed to pass through the firewall after being checked and approved by security filters. If it is approved, then the packets related to it are also deemed safe. This way, there is no need to analyze the contents of each individual packet. Therefore, SPI is faster than deep packet inspection, which scrupulously reads through each incoming piece of data.

What is a state in an SPI system?

The SPI firewall maintains a state table. It contains entries corresponding to the monitored connections. Each entry is stored until the connection is closed or an implementation-dependent timeout occurs. The state is a set of attributes identifying a specific connection, such as source and destination addresses, port numbers, and the current connection state. These attributes depend on the packets’ protocol. SPI works better with protocols that are stateful themselves, like TCP. For stateless ones like UDP or ICMP, the SPI firewall creates a pseudo-state to be able to filter their packets, too.

As a result, a packet reaching the firewall is not analyzed in isolation. It is put in the broader context of the entire online session. This context needs to be frequently updated, and such updates consume some computing power. That’s why the stateful approach is generally slower than the stateless filtering method.
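A minimal sketch of the state table described above, added here as an illustration and not taken from any router or firewall product. The class and method names, the flag-letter strings, the timeout values and the sample key layout are assumptions; the sketch tracks no sequence numbers and lets every session opened from the LAN side through.

```python
from dataclasses import dataclass

# Constructed idle timeouts (seconds); real devices choose their own values.
IDLE_TIMEOUT = {"tcp": 300.0, "udp": 30.0}

@dataclass
class Entry:
    state: str        # TCP: SYN_SENT, ESTABLISHED, CLOSING; UDP pseudo-state: ACTIVE
    last_seen: float

class StateTable:
    """Toy SPI table: outbound packets create entries, inbound must match one."""
    def __init__(self):
        self.entries = {}  # (proto, lan_ip, lan_port, wan_ip, wan_port) -> Entry

    def _lookup(self, key, now):
        entry = self.entries.get(key)
        if entry is not None and now - entry.last_seen > IDLE_TIMEOUT[key[0]]:
            del self.entries[key]          # idle too long: forget the session
            entry = None
        return entry

    def _advance(self, key, entry, flags, now):
        entry.last_seen = now
        if "R" in flags:
            del self.entries[key]          # reset tears the session down at once
        elif "F" in flags:
            entry.state = "CLOSING"        # kept until the idle timeout removes it
        return True

    def outbound(self, key, flags="", now=0.0):
        """Packet from the LAN side; returns True if it may pass."""
        entry = self._lookup(key, now)
        if entry is None:
            if key[0] == "tcp" and flags != "S":
                return False               # a TCP session must start with a bare SYN
            state = "SYN_SENT" if key[0] == "tcp" else "ACTIVE"
            entry = self.entries[key] = Entry(state, now)
        return self._advance(key, entry, flags, now)

    def inbound(self, key, flags="", now=0.0):
        """Packet from the WAN side; passes only if it fits a tracked session."""
        entry = self._lookup(key, now)
        if entry is None:
            return False                   # unsolicited: no matching state
        if entry.state == "SYN_SENT" and "R" not in flags:
            if flags != "SA":
                return False               # only SYN+ACK may answer our SYN
            entry.state = "ESTABLISHED"
        return self._advance(key, entry, flags, now)
```

The same inbound packet is dropped or passed depending only on what the table holds at that moment, and a UDP reply is accepted only while the pseudo-state created by the outgoing datagram has not timed out.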

SPI firewall – on or off?

All firewalls are there for a very good reason: network safety. Some are separate programs installed on a computer on their own or as a part of a bigger antivirus suite. Others work on the router or a local server. The most advanced firewalls come as separate hardware units. They all defend an ordinary user from threats only cybersecurity experts and hackers fully understand. SPI delivers advanced firewall protection and prevents many attacks, including the very dangerous DoS (Denial of Service), which floods the network with useless server requests. So if for any reason you’re considering turning the SPI firewall off, think this through carefully. Ask yourself a few questions:

  • Do I have a strong reason to turn SPI off?
  • Are there any additional means of protection?
  • Do I assess the risk as acceptable?

Under usual circumstances, there are very few reasons to disable SPI. Sometimes the reason is a lowered transfer rate or excessive latency. Then the question is: does it truly get in the way too much? On very rare occasions, an SPI firewall can erroneously block some online services, like VPNs. In such cases, a manual reconfiguration of the firewall might be a better solution than disabling it completely. Or you might consider switching to a different VPN.

Firewalls are a powerful means of securing us all in the virtual world. SPI is one of the many techniques invented for the peace of mind of an ordinary user. Its dynamic nature allows for sophisticated protection from malicious attacks. In the great majority of cases, this feature is enabled by default and shouldn’t ever be disabled.
