1) A statefull firewall can tell if the HTTP connection is starting from inside the network by looking at the transport layer TCP SYN (synchronize) as well as IP address source. What should it do if someone from the outside is pretending to be an “interior” IP address? 2) What are some items or transactions a company may want to block from the inside going out?
3) Why do companies like VPN capabilities? 4) If Intrusion Detection Systems worked better, we would not have the cyber security problems we have. What makes this (creating great IDS) hard to do?