Which is correct - Stateful Inspection Firewall or Web Application Firewall?

CK121 Member Posts: 15
A question on a practice test that came up:

You need to install a device that can mitigate the risk of the Web server hosting XML Web Services from being attacked through data sent in a request. Which:

A. Stateful Inspection Firewall

OR

B. Web Application Firewall?

According to my Sybex book, "Stateful Inspection Firewalls" can perform deep packet inspection, so I thought the answer was "A" and not "B". Can anyone help me understand this?

Comments

  • cisco_trooper Member Posts: 1,441
    I would be leaning toward B. A normal firewall performing stateful inspection is not going to address application layer attacks and deep packet inspection isn't going to be able to do it either. A Web application firewall is able to identify known web application attacks that happen at the application layer. The attacks are occurring over legitimate TCP connections and really cannot be addressed by a standard firewall.
  • CK121 Member Posts: 15
    Thanks! Just that I'm getting mixed information at the moment. The test engine said the answer to this question was WAF because they can perform deep packet inspection, whereas stateful inspection firewalls don't - they don't examine the contents of the payload. But my Sybex book says that stateful inspection firewalls can perform deep packet inspections.
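An added illustration of the distinction discussed in this thread (not part of any post and not any product's code): a simplified filter that tracks only connection state passes both constructed requests below, while a simplified application-layer check that reads the HTTP body rejects the one carrying an inline DTD. The class and function names, the size limit and the DTD rule are assumptions made for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:                       # simplified TCP segment (constructed model)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str                       # "S" = SYN, "PA" = data on an open connection
    payload: bytes = b""

class StatefulFilter:
    """Toy stateful filter: decides on addresses, ports and connection state."""
    def __init__(self, allowed_dports):
        self.allowed_dports = set(allowed_dports)
        self.established = set()

    def permit(self, seg: Segment) -> bool:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == "S":         # new connection: check policy, record state
            if seg.dport not in self.allowed_dports:
                return False
            self.established.add(key)
            return True
        return key in self.established   # payload is never consulted

MAX_BODY = 64 * 1024                                    # assumed size limit
DTD_RE = re.compile(rb"<!\s*(?:DOCTYPE|ENTITY)", re.I)  # assumed rule: no inline DTDs

def waf_inspect(http_request: bytes):
    """Toy WAF rule set applied to the HTTP body of an XML service request."""
    _, _, body = http_request.partition(b"\r\n\r\n")
    if len(body) > MAX_BODY:
        return (False, "body too large")
    if DTD_RE.search(body):
        return (False, "DTD or entity declaration in XML body")
    return (True, "ok")

# Constructed sample requests (documentation addresses and host name).
HEAD = b"POST /svc HTTP/1.1\r\nHost: example.test\r\nContent-Type: text/xml\r\n\r\n"
CLEAN = HEAD + b"<?xml version='1.0'?><order><id>42</id></order>"
SUSPECT = HEAD + b"<?xml version='1.0'?><!DOCTYPE order [<!ENTITY a 'x'>]><order><id>&a;</id></order>"

def compare():
    """Return (name, stateful verdict, WAF verdict) for both constructed requests."""
    fw = StatefulFilter(allowed_dports={80})
    fw.permit(Segment("198.51.100.7", 40000, "192.0.2.10", 80, "S"))
    rows = []
    for name, req in (("clean", CLEAN), ("suspect", SUSPECT)):
        seg = Segment("198.51.100.7", 40000, "192.0.2.10", 80, "PA", req)
        rows.append((name, fw.permit(seg), waf_inspect(req)[0]))
    return rows
```

Both requests arrive on the same permitted, established TCP connection, so only the check that looks at the XML body tells them apart.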