SPI the same as iptables the same as IPSecurity?

Discussion in 'Networking Issues' started by davehries, Jan 14, 2005.

  1. davehries

    davehries Network Guru Member

    I need some help with understanding these security features.

    I am looking at buying a new router and have decided that I want one with SPI. Where I run into difficult is that some mfg state the their router has SPI and others state that they have IPSecurity. Are they the same form of packet filtering or are they different?

    I have been told that SPI is the same as IPTables, is that true?

    Thanks for any help.
  2. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    I would suggest only buy something that clearly states SPI. I'm not sure what IPSecurity would mean (NAT or IPSec?). In any case NAT (Network Address Translation) is not enough. It only allows a single device, such as a router, to act as an agent between the Internet and a local network. It really isn't a security feature although companies try to indicate that. If you are not sure don't trust the box or the sales person. Look it up as you are doing here or on the companies website. Call their tech support if you want to help clarify what they are saying (yes they will answer you to sell you on their product).

    I took this from http://www.netfilter.org/ to help answer what iptables is which is also refered to as a firewall (many debates on that not worth going there).
  3. davehries

    davehries Network Guru Member

    Thank you for the quick reply.

    As I understand it, IPSecurity is commonly referred to as IPSec. I think that I have SPI and iptables sorted out, but still don't know if IPSec is similar to SPI. When I read on-line sites about firewalls the tech jargon just confuses me even more.

    Appreciate any further clarification.
  4. Disman_ca

    Disman_ca Super Moderator Staff Member Member

    Sorry forgot IPSec. It is used to secure transmitted packets at the IP layer using encryption. When companies indicate IPSec or IPSecurity they mean tunneling support through their equipment. An example of tunneling is a VPN connection from point a to point b (usually used for corporate remote connectivity to offices). Some routers are also VPN servers, meaning they support connecting directly to the router instead of a pass-through which is usually the norm. Most times you see keywords like IPsec pass-through. The sveasoft firmware support both VPN pass-through and VPN server (PPTP).
  5. davehries

    davehries Network Guru Member

    Thanks for the information. Very helpful.
  6. TazUk

    TazUk Network Guru Member

    SPI stands for Stateful Packet Inspection and is a feature of firewalls. What it basically means is if the packet is part of a conversation that has already been verified i.e. the response to a packet that's been sent or recieved, the firewall doesn't bother checking it as it assumes it's safe.

    Disman_ca has already explained IPSec so you can see the two terms are not directly related :D
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice