CISA Certified Information Systems Auditor – Question 2152

Which of the following statements correctly describes the difference between a packet filtering firewall and a stateful inspection firewall?

A. A packet filtering firewall does not maintain client sessions, whereas a stateful firewall maintains client sessions.
B. A packet filtering firewall and a stateful firewall both maintain client sessions.
C. A packet filtering firewall is a second generation firewall, whereas a stateful firewall is a first generation firewall.
D. A packet filtering firewall and a stateful firewall do not maintain any client sessions.

Correct Answer: A

Explanation:

Packet Filtering Firewall
Also known as a first generation firewall.
Does not maintain client sessions.
The advantages of this type of firewall are simplicity and generally stable performance, since the filtering rules are applied at the network layer.
Its simplicity is also a disadvantage, because it is vulnerable to attacks from improperly configured filters and attacks tunneled over permitted services.
Some of the more common attacks on packet filtering are IP spoofing, source routing specification, and miniature fragment attacks.

Stateful Inspection Firewall
A stateful inspection firewall keeps track of the destination IP address of each packet that leaves the organization's internal network.
Session tracking is done by mapping the source IP address of each incoming packet against the list of destination IP addresses that is maintained and updated.
This approach prevents any attack initiated and originated by an outsider.
The disadvantage is that a stateful inspection firewall can be relatively complex to administer compared to other firewalls.

The following were incorrect answers:
All other choices presented were incorrect answers because they all had the proper definition.
Reference:
CISA Review Manual 2014, pages 345 and 346