Explain packet filtering and layer 7 filtering and bring out the advantages and disadvantages by comparing them

Subject: Advanced Network Technologies

Topic: Network Security

Difficulty: High

1 Answer

Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.

Network layer firewalls define packet filtering rule sets, which provide highly efficient security mechanisms.

Packet filtering is also known as static filtering.

During network communication, a node transmits a packet that is filtered and matched with predefined rules and policies. Once matched, a packet is either accepted or denied.

Packet filtering checks source and destination IP addresses. If both IP addresses match, the packet is considered secure and verified. Because the sender may use different applications and programs, packet filtering also checks source and destination protocols, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Packet filters also verify source and destination port addresses.

Some packet filters are not intelligent and unable to memorize used packets. However, other packet filters can memorize previously used packet items, such as source and destination IP addresses.

Packet filtering is usually an effective defense against attacks from computers outside a local area network (LAN). As most routing devices have integrated filtering capabilities, packet filtering is considered a standard and cost-effective means of security.

Application Layer Filtering (Layer 7 Filtering):

They have the ability to examine the payload of a packet and make decisions based on content. This means that application-layer filtering systems can permit or deny specific application requests or commands, giving a far greater degree of granular control over network traffic

The most common implementations of application-layer filters provide proxy services, such as mail, file transfer protocol (FTP), and telnet, so that they do not run on the actual filter, which increases security. Each connection is subject to a set of specific rules and conditions similar to those in packet-filters, except that the selectivity rules application layer filter use is not based on ports, button the to-be-accessed programs or services (regardless of which port is used to access these programs)


Please log in to add an answer.