Packet Filtering
2 Answers

Packet Filtering:

  • Packet Filtering Firewalls are deployed on the Routers which connect the Internal Network to the Internet. Packet Filtering Firewalls can only be implemented on the Network Layer of the OSI Model.
  • Packet Filtering Firewalls work on the basis of rules defined by Access Control Lists. They check all the Packets and screen them against the rules defined by the Network Administrator as per the ACLs.
  • If any packet does not meet the criteria, then that packet is dropped and the Logs are updated with this information. Administrators can create their ACLs on the basis of Address, Protocol and Packet attributes.
  • Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.
  • The process is used in conjunction with packet mangling and Network Address Translation (NAT).
  • In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).
  • There are three ways in which a packet filter can be configured, once the set of filtering rules has been defined.
  • In the first method, the filter accepts only those packets that it is certain are safe, dropping all others. This is the most secure mode, but it can cause inconvenience if legitimate packets are inadvertently dropped.
  • In the second method, the filter drops only the packets that it is certain are unsafe, accepting all others. This mode is the least secure, but it causes less inconvenience, particularly in casual Web browsing.
  • In the third method, if the filter encounters a packet for which its rules do not provide instructions, that packet can be quarantined, or the user can be specifically queried concerning what should be done with it. This can be inconvenient if it causes numerous dialog boxes to appear, for example, during Web browsing.
  • The advantages of Packet Filtering Firewalls are lower cost and lower resource usage; they are best suited for smaller networks.

Packet Filtering – a means of controlling access to a network. The concept is simple: determine whether a packet is allowed by comparing some basic pieces of information in the packet headers. Cisco IOS Access Control List (ACL) is one of the most used packet filters. IPChains is also a popular packet filter application, which comes bundled with many versions of Linux.

Two-way communication presents a challenge for network security based on packet filtering. If one blocks all incoming traffic, one prevents responses to outgoing traffic from coming in, disrupting communication. Consequently, one has to open two holes, one for outgoing traffic and one for incoming traffic, without enforcing any association of the incoming traffic with existing outgoing connections in the network. Packet filtering thus can allow in crafted malicious packets that appear to be part of existing sessions, causing damage to protected resources.

Packet filtering devices do not track dynamic protocols, where a server and a client negotiate a random port for data transmission. Examples of protocols that use dynamic ports include file transfer protocol (FTP), remote procedure call (RPC), and H.323. To enable these applications to pass through packet filtering systems, one has to open a very large hole, significantly reducing the security protection provided by packet-filtering systems. For instance, in order to allow in standard FTP, one must let through any traffic with a destination port greater than 1,023 (1,023 – 65,500) and source port of 20, thus opening a significant security hole in the network. As a result, many organizations also deploy additional security measures in a layered defense strategy.
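An added example, not code from either answer above, that models what both answers describe: a first-match ACL evaluated against packet headers only, the default-deny versus default-allow modes, the "second hole" that a stateless filter must open for return traffic (source port 80 or, for active FTP, source port 20 into any high port), and a minimal connection-tracking variant that closes it. All addresses, ports and the `Packet`/`Rule` types are constructed for illustration.

```python
"""Toy stateless packet filter (ACL evaluation) and a minimal stateful variant.
Constructed example; the addresses and rules below are illustrative only."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                          # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"               # CIDR, default any
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None          # None = any protocol
    sport: Tuple[int, int] = (0, 65535)  # inclusive port ranges
    dport: Tuple[int, int] = (0, 65535)

    def matches(self, pkt: Packet) -> bool:
        # A stateless filter sees only these header fields; nothing about
        # whether the packet belongs to a session the inside host opened.
        return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and self.sport[0] <= pkt.sport <= self.sport[1]
                and self.dport[0] <= pkt.dport <= self.dport[1])


def stateless_filter(rules: List[Rule], pkt: Packet, default: str = "DROP") -> str:
    """First matching rule wins; `default` is the implicit final rule
    ("DROP" = accept only what is known safe, "ACCEPT" = drop only what is known unsafe)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


INTERNAL = "10.0.0.0/8"  # constructed internal network

# Outbound web, plus the return-traffic hole: anything with source port 80
# headed for an internal high port is let in, whoever sent it.
WEB_OUT = [Rule("ACCEPT", src=INTERNAL, proto="tcp", dport=(80, 80))]
WEB_ACL = WEB_OUT + [Rule("ACCEPT", dst=INTERNAL, proto="tcp", sport=(80, 80), dport=(1024, 65535))]

# Active-mode FTP: the server connects back from port 20 to a client high port,
# so the ACL must admit source port 20 into the whole 1024-65535 range.
FTP_ACL = [
    Rule("ACCEPT", src=INTERNAL, proto="tcp", dport=(21, 21)),
    Rule("ACCEPT", dst=INTERNAL, proto="tcp", sport=(20, 20), dport=(1024, 65535)),
]


class StatefulFilter:
    """Same outbound ACL, but inbound packets are accepted only if they reverse
    a flow this filter has already seen leaving the internal network."""

    def __init__(self, outbound_rules: List[Rule]) -> None:
        self.rules = outbound_rules
        self.flows = set()

    def check(self, pkt: Packet) -> str:
        if ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(INTERNAL):
            verdict = stateless_filter(self.rules, pkt)
            if verdict == "ACCEPT":
                self.flows.add((pkt.proto, pkt.src_ip, pkt.sport, pkt.dst_ip, pkt.dport))
            return verdict
        reverse = (pkt.proto, pkt.dst_ip, pkt.dport, pkt.src_ip, pkt.sport)
        return "ACCEPT" if reverse in self.flows else "DROP"


# Constructed traffic: a real web request, its reply, and a crafted packet
# from an unrelated host that simply sets source port 80.
CLIENT_SYN = Packet("10.1.2.3", "203.0.113.10", "tcp", 40000, 80)
SERVER_REPLY = Packet("203.0.113.10", "10.1.2.3", "tcp", 80, 40000)
CRAFTED_WEB = Packet("198.51.100.7", "10.1.2.3", "tcp", 80, 4444)
CRAFTED_FTP = Packet("198.51.100.7", "10.1.2.3", "tcp", 20, 3389)
UNLISTED_SSH = Packet("198.51.100.7", "10.1.2.3", "tcp", 55555, 22)


def stateful_verdicts() -> List[str]:
    """Run the same three web packets through the connection-tracking filter."""
    sf = StatefulFilter(WEB_OUT)
    return [sf.check(CLIENT_SYN), sf.check(SERVER_REPLY), sf.check(CRAFTED_WEB)]


if __name__ == "__main__":
    for name, pkt in [("reply", SERVER_REPLY), ("crafted web", CRAFTED_WEB)]:
        print(f"stateless {name}: {stateless_filter(WEB_ACL, pkt)}")
    print(f"stateless crafted ftp: {stateless_filter(FTP_ACL, CRAFTED_FTP)}")
    print(f"stateful  syn/reply/crafted: {stateful_verdicts()}")
```

The stateless filter cannot tell `SERVER_REPLY` from `CRAFTED_WEB`: both carry source port 80 and a high destination port, so both match the return-traffic rule. Changing `default` from "DROP" to "ACCEPT" turns the filter into the second answer's "drop only what is known unsafe" mode, which lets the unlisted SSH probe through as well. `StatefulFilter` only admits an inbound packet whose 5-tuple reverses an outbound flow it recorded, which is the association between incoming and outgoing traffic that the second answer notes packet filtering does not enforce.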
