Which type of firewall would be least effective in controlling modern threats?

A packet-filtering firewall operates primarily at the network layer, making decisions based on the header information of packets. It examines the source and destination IP addresses, port numbers, and the protocol being used. While this approach can be effective for basic security measures, it lacks the capabilities to analyze the content of the packets or to maintain context of the connections.

Modern threats often utilize complex techniques such as application-layer attacks, encrypted traffic, and evasion tactics to bypass basic filtering mechanisms. Because packet-filtering firewalls do not inspect the payload or understand the state of the connection, they are unable to defend against attacks that exploit application vulnerabilities or those that involve malicious content within legitimate traffic. As a result, they are considered less effective in a landscape where threats are increasingly sophisticated and may be hidden within secure channels like HTTPS.

In comparison, other types of firewalls, such as next-generation firewalls and proxy firewalls, incorporate advanced features like deep packet inspection, intrusion detection/prevention, and application awareness, making them far more effective against modern security threats.