Firewalls | Packet Filtering
The most common characteristic of a firewall is the packet filter. Firewalls that are exclusively packet filters—also known as stateless inspection firewalls—are essentially routing devices that offer access control functionality for host addresses and communication sessions. Unlike more advanced filters, packet filters are not concerned with the content of packets.
Their access control functionality is governed by a set of directives referred to as a ruleset. Packet filtering capabilities are built into most operating systems and devices capable of routing; the most common example of a pure packet filtering device is a network router that employs access control lists.
In their most basic form, firewalls with packet filters operate at the network layer. This offers network access control based on several pieces of information contained in a packet, including:
- The packet’s source IP (Internet Protocol) address: the address of the host from which the network packet originated (for example, 192.168.1.1)
- The packet’s destination address: the address of the host the network packet is trying to reach (for example, 192.168.2.1)
- The network protocol used to communicate between source and destination hosts, such as TCP (Transmission Control Protocol), UDP (User Datagram Protocol), or ICMP (Internet Control Message Protocol)
- Possibly some characteristics of the transport layer communication sessions, such as session source and destination ports (e.g., TCP 80 for the destination port belonging to a Web server, TCP 1320 for the source port belonging to a personal computer accessing the server)
- The interface being traversed by the packet, and its direction (inbound or outbound).
Firewalls that are exclusively packet filters and offer no advanced features have two main strengths—speed and flexibility. Because packet filters seldom examine data above the network layer (with the possible exception of limited transport layer data), they can operate very rapidly. And because most network protocols can be accommodated using the network layer and below, packet filters can be used to offer some security for almost any type of network communication or protocol.
This simplicity allows packet filter firewalls to be deployed into almost any enterprise network infrastructure, and their speed and flexibility make them well suited for placement at the outermost boundary, or perimeter, of an untrusted network to block incoming traffic—a process called ingress filtering.
Such packet filters, referred to as boundary routers, can block certain low-layer attacks, perform simple access control according to the policy in place (such as blocking unwanted protocols and permitting others), and pass permitted incoming traffic to more powerful firewalls that handle access control and filtering at higher layers. By performing this basic filtering, the boundary router reduces the processing load on the other firewalls.
Outgoing traffic can also be filtered, a process referred to as egress filtering. Here, organizations can enforce restrictions on their internal traffic, such as blocking the use of external File Transfer Protocol (FTP) servers or preventing denial of service (DoS) attacks from being launched from within the organization against outside entities.
Organizations should only allow outbound traffic that uses source IP addresses in use by the organization—a practice that helps block traffic with spoofed addresses from leaking onto other networks. Spoofed addresses can be caused by malicious events such as malware infections or compromised hosts being used to launch attacks, or by inadvertent misconfigurations.
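The following is an added example (not code from the original article) of a stateless packet filter: a first-match ruleset over exactly the header fields listed above, configured as a boundary router that does ingress anti-spoofing, permits a public web server, and applies the egress restrictions just described. The address block 192.168.0.0/16, the web server address and the interface names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str      # interface traversed, e.g. "ext" (Internet-facing) or "int"
    direction: str  # "in" or "out", relative to the firewall
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IP address
    dst: str        # destination IP address
    sport: int = 0  # transport-layer source port (0 for ICMP)
    dport: int = 0  # transport-layer destination port (0 for ICMP)

@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    iface: str = "*"        # "*" matches any value
    direction: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"  # CIDR prefix the source address must fall in
    dst: str = "0.0.0.0/0"  # CIDR prefix the destination address must fall in
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.direction in ("*", p.direction)
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def evaluate(ruleset, p: Packet) -> str:
    """First matching rule wins; a packet matching no rule hits the implicit final deny."""
    for rule in ruleset:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed values: the organization's own address block and its public web server.
ORG_NET = "192.168.0.0/16"
WEB_SERVER = "192.168.10.5/32"

BOUNDARY_RULESET = [
    Rule("deny",   iface="ext", direction="in",  src=ORG_NET),                            # ingress: drop packets claiming an internal source
    Rule("permit", iface="ext", direction="in",  proto="tcp", dst=WEB_SERVER, dport=80),  # public web server is reachable
    Rule("deny",   iface="ext", direction="out", proto="tcp", dport=21),                  # egress: block use of external FTP servers
    Rule("permit", iface="ext", direction="out", src=ORG_NET),                            # egress: only our own source addresses may leave
]   # everything else, including outbound packets with spoofed sources, falls to the implicit deny
```

Note that the rule permitting TCP port 80 admits every request to the web server regardless of what the request contains, which is the limitation discussed in the next section.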
Firewalls that solely use packet filters provide speed and flexibility, but they also have inherent limitations. Because packet filters do not analyze upper layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.
For instance, a packet filter firewall cannot block specific application commands: if a packet filter permits a particular application, all functions available within that application will also be allowed. The inability to analyze upper layer information also prevents the support of advanced user authentication schemes and limits the value of logging, as most logs contain only the same data used to make access control decisions (source address, destination address, and traffic type).
Packet filters are generally vulnerable to attacks and exploits that take advantage of problems within the TCP/IP specification and protocol stack. For instance, many packet filters cannot detect when a packet’s network layer addressing information has been spoofed or otherwise modified. Spoofing attacks are typically employed by intruders to bypass the security controls enforced in a firewall platform. Firewalls that operate at higher layers can thwart some spoofing attacks by verifying that a session is established, or by authenticating users before allowing traffic to pass.
Because of these limitations, firewalls with only packet filters are normally used as the first line of defense at a network’s perimeter to provide general traffic filtering. Firewalls with additional capabilities—which may not be able to process packets as rapidly as a packet filter—are usually placed behind them. Alternatively, firewalls with advanced capabilities can be used at the perimeter if they are fast enough to handle incoming and outgoing traffic.
23 Responses to “Firewalls | Packet Filtering”
I purchased an ESET NOD32 3-user license. It is working fine on the first computer (first installation) but it is not working with the 2nd & 3rd installations. It states that the username/password is invalid and won’t update the database.
If it works on one computer, maybe you mistyped the username or password. It is better to contact ESET.
What are the internet security suites that contain an advertising blocker?
Usually they block only pop-up advertising. I recommend using the Adblock Plus add-on for Firefox.
What are the fixed costs for a WAN?
1. Equipment purchases, such as modems, channel service unit/data service units, and router interfaces
2. Circuit and service provisioning
3. Network-management tools and platforms
What is DPNSS?
DPNSS is an industry-standard interface defined between a PBX and an access network. DPNSS expands the facilities normally available only between extensions on a single PBX to all extensions on PBXs connected in a private network.
What is SIP?
SIP is the Internet Engineering Task Force (IETF) standard for multimedia conferencing over IP. SIP is an ASCII text-based application-layer control protocol that establishes, maintains, and terminates calls between two or more endpoints. SIP is a peer-to-peer protocol developed as a simple lightweight replacement for H.323.
What are the administrative interfaces of a firewall?
Modern firewalls come with two administrative interfaces:
1. The CLI
2. The GUI (typically, but not necessarily, web based)
What are SOHO firewalls?
Small office/home office (SOHO) firewalls.
What are the main WAN backup options?
Dial backup routing
Permanent secondary WAN link
Shadow PVC
What is LDAP?
LDAP is a hierarchical tree-like structure where directory entries are arranged to reflect boundaries determined by geographic, political, or organizational descriptions.
Interesting post.
A very good article about Firewalls | Packet Filtering.
Thanks for the firewall-VPN and computer security series of articles.
A lot to digest, but looks like some very useful stuff! Will read in more detail when I have the time.
Really great post. Thanks for this nice article. I really like it.