Stateful Firewall
The foundation for network security is the firewall. Stateful inspection firewalls protect against unauthorized users accessing network resources and the unauthorized use of network resources.

They do this by making access control decisions, based on a predefined policy, to determine who and what type of application traffic (e.g. Web, e-mail, etc.) is allowed in and out of the network. They also protect against some network-level attacks. Stateful inspection firewalls make traffic decisions based on session information, instead of packet-level information, to take into consideration the "state" information. A stateful inspection firewall accepts or denies traffic based on the source IP address, destination IP address, source port, destination port and protocol. They track and maintain the state of the session, so they can verify an inbound packet matches a previously allowed session.

FIREWALL BASICS
Firewall policies are often confused with access control lists (ACLs), but the two have some major differences.

	Firewalls are stateful. They understand flows in a network and keep track of the state of sessions. If a policy is enabled to allow telnet outbound from a client, a firewall will understand that inbound traffic associated with that session should be allowed. Access Control Lists have no memory of what came before.
	Firewalls are bi-directional. While ACLs are normally applied either to traffic inbound to an interface or outbound from an interface, firewalls automatically work in both directions. Firewall configuration can be simpler than ACL configuration for this reason, since the administrator does not need to worry about building consistent input and output AC Ls.

MIXED APPROACH
Depending on the security needs of the enterprise, it may make sense to use a mixed approach to firewall policies.

Users, who travel frequently, such as sales employees, may need highly restrictive policies to counteract the risk associated with their laptops being subject to theft or hacking. IT staff may have a completely open firewall policy, while finance employees may have a lightly restrictive policy.

Mixed use policies are best addressed in the context of an overall enterprise security policy and form the basis of any network strategy planning exercise.

	Decrease risk of Internet intrusion
	Protect valuable information from external attack
	Ensures maximum network availability
	Create customised access mapped against user profile
	Corporate peace of mind
	Dramatically reduces MIS administration overheads