I have a situation where a client claims that its 50+ public-facing servers are sufficiently protected from malicious attacks by a router configured with ACLs to limit access to only the services and ports required by the servers. I am of the position that a stateful inspection firewall is necessary to better protect the servers.
In the most optimistic of situations, where the hosts are monitored closely and regularly patched for vulnerabilities, a packet filter could be enough. There need to be controls in place, however, to guarantee that the patches and monitoring are being performed.
Does anyone have any information on the benefits of a stateful inspection firewall over a packet filter?
Thank you,