Are SPI (Stateful Packet Inspection) and CFP Protocol Analysis the same? If not, then what’s the difference between them?
STATEFUL PACKET INSPECTION (From Techweb)
A firewall technology that ensures that all inbound packets are the result of an outbound request. Also called "stateful packet inspection" (SPI), it was designed to prevent harmful or unrequested packets from entering the computer. For example, if you click on a link to a Web page, an HTTP request is being made to a specific URL address. All packets coming back from that URL would pass the stateful inspection and be accepted. Every so many minutes, your e-mail program queries the mail server, and returning packets from that server are allowed.
PROTOCOL ANALYSIS (from CFP V3 help files)
Protocol Analysis is key to the detection of fake packets used in denial of service attacks. Checking this option means Comodo Firewall Pro checks every packet conforms to that protocol's standards. If not, then the packets are blocked.
In a nutshell, SPI checks whether the packets coming into your PC are supposed to be coming in, and Protocol Analysis looks inside those packets to ensure that they are valid when compared to the specifications of that packet type.
Hope this helps,
It’s clearer now, but protocol analysis is still not that clear. Could you please show me an example for packet analysis and its function/working? Thanks!
A simple example like in your first quote about SPI would be fine. Actually I don’t understand this part:
to ensure that they are valid when compared to the specifications of that packet type.
Thanks for the easy-to-understand description of SPI
There are strict specifications of what can and cannot be in a given type of packet. Protocol Analysis compares the internal structure of a data packet against the specifications of that type of packet. This prevents malformed packets getting inside. Malformed packets are a common means of compromising a PC.
Now it’s clear. Thanks for clarifying that! Thank you Ewen!
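The distinction drawn in the replies above, as an added example that is not part of the original posts and is not Comodo's implementation: a state table answers "was this packet asked for?" (SPI), while a header check answers "is this packet well formed?" (protocol analysis). The function names, the specific TCP sanity checks, and the sample addresses and ports are assumptions constructed for illustration.

```python
import struct

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits

def build_tcp(sport, dport, flags, data_offset=5, payload=b""):
    """Build a constructed TCP segment: 20-byte header (no options) plus payload."""
    off_flags = (data_offset << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0, off_flags, 8192, 0, 0) + payload

def protocol_check(segment):
    """Protocol analysis: list the ways a segment breaks TCP's header rules."""
    if len(segment) < 20:
        return ["shorter than the minimum 20-byte TCP header"]
    off_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (off_flags >> 12) * 4   # data offset is counted in 32-bit words
    flags = off_flags & 0x3F
    problems = []
    if header_len < 20:
        problems.append("data offset below 5 words")
    elif header_len > len(segment):
        problems.append("data offset points past end of segment")
    if flags == 0:
        problems.append("no flags set")
    if flags & SYN and flags & (FIN | RST):
        problems.append("SYN combined with FIN or RST")
    return problems

class StateTable:
    """SPI: remember outbound flows and accept only inbound replies to them."""
    def __init__(self):
        self.flows = set()
    def outbound(self, local, remote):
        self.flows.add((local, remote))
    def inbound_allowed(self, remote, local):
        return (local, remote) in self.flows

def filter_inbound(table, remote_ip, local_ip, segment):
    """Return (verdict, reasons) for one inbound TCP segment."""
    problems = protocol_check(segment)
    if problems:
        return "drop: malformed", problems
    sport, dport = struct.unpack("!HH", segment[:4])
    if not table.inbound_allowed((remote_ip, sport), (local_ip, dport)):
        return "drop: unsolicited", []
    return "accept", []

if __name__ == "__main__":
    table = StateTable()
    table.outbound(("192.0.2.10", 50000), ("198.51.100.5", 80))  # constructed flow
    print(filter_inbound(table, "198.51.100.5", "192.0.2.10", build_tcp(80, 50000, SYN | FIN)))
```

The demo segment belongs to a flow the state table knows about, so SPI alone would let it in; it is dropped only because the header check rejects the flag combination.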