Monday, November 23, 2020

Basics of Packet Filtering Firewall

Packet Filtering Firewall

A packet-filtering firewall is a type of network security firewall. It has filters that compare incoming and outgoing packets against a standard set of rules to decide whether to allow them to pass through. In most cases, the rule set is called an access list. The access list is predefined, based on a variety of metrics. Packet filtering happens at Layer 3 and Layer 4 of the OSI model.

The common filtering options are as follows:

The source IP address of an incoming IP packet indicates where it originated. Packets or traffic can be approved or denied by source IP address. For example, many unauthorized sites or botnets can be blocked based on their IP addresses.

The destination IP address is the intended location of the packet at the receiving end of a transmission.

Unicast packets have a single destination IP address and are normally intended for a single machine. Multicast or broadcast packets have destination IP addresses that refer to a group of hosts and are usually destined for multiple machines on the network.

Rule sets can be developed to block traffic to a particular IP address on the network to reduce the load on the target machine. Such measures can also be used to block unauthorized access to highly confidential systems on internal networks.

The protocol type: Layer 2 and Layer 3 packets carry the type of protocol being used as part of their header structure.

These packets can be any of the following types:

  • Normal data-carrying IP packet
  • Internet Control Message Protocol (ICMP) packet
  • Address Resolution Protocol (ARP) packet
  • Reverse Address Resolution Protocol (RARP) packet
  • Bootstrap Protocol (BOOTP) packet
  • Dynamic Host Configuration Protocol (DHCP) packet

Filtering can be based on the protocol information that the packets carry, so you can block traffic transmitted by a certain protocol.

Advantage:

Speed is achieved with packet-filtering firewalls because most of the work takes place at Layer 3 or lower. Packet-filtering firewalls are employed at the very periphery of an organization's network.

For example, packet-filtering firewalls are highly effective in protecting against denial-of-service (DoS) attacks that aim to take down sensitive systems on internal networks.

Disadvantage:

One major disadvantage is that, because packet-filtering firewalls work at OSI Layer 3 or lower, it is impossible for them to examine application-level data.

Thus, application-specific attacks can simply pass into internal networks. When an attacker spoofs network IP addresses, firewall filters are ineffective at filtering this Layer 3 information; many packet-filtering firewalls cannot detect spoofed IP or ARP addresses. The main reason for deploying packet-filtering firewalls is to protect against the most general denial-of-service attacks, not against targeted attacks.

Stateful packet-filtering firewall/Dynamic Packet Filtering

Stateful packet-filtering (dynamic packet filtering) systems use a more sophisticated approach while retaining the basic abilities of packet-filtering firewalls. They work at Layer 4, and connection pairs are usually identified by four parameters:

  • Source address and port
  • Destination address and port

Stateful inspection techniques employ a dynamic memory that stores the state tables of incoming and established connections. Any time an external host requests a connection to your internal host, the connection parameters are written to the state table. As with packet-filtering firewalls, you can create rules to define whether certain packets are permitted through.

For example, a firewall rule may require dropping packets with port numbers higher than 1023, as most servers respond on standard ports numbered from zero to 1023.

Stateful packet-filtering firewalls are not as flexible or as robust as regular packet-filtering firewalls.

Incorporating a dynamic state table and other features into the firewall makes the architecture more complex, which directly slows the speed of operation. Users see this as a decrease in network performance.

In addition, stateful packet-filtering firewalls cannot fully inspect higher-layer protocols and application services.
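As an added example (not code from the original post), here is a small Python simulator of the two designs described above: a stateless access list over source address, destination address, protocol and port, and a stateful filter that adds a state table keyed on the four connection parameters. All addresses, rules and packets are constructed for illustration; it shows why the "drop packets with port numbers above 1023" rule from the text breaks legitimate reply traffic unless the firewall remembers the connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    sport: int = 0  # 0 for protocols without ports
    dport: int = 0

def _ip_match(addr: str, pattern: str) -> bool:
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)

# Constructed access list: (action, src, dst, proto, max_dport); first match wins, default deny.
ACL = [
    ("deny",   "203.0.113.7", "*",        "*",    None),  # known-bad source address
    ("deny",   "*",           "*",        "icmp", None),  # filter by protocol type
    ("permit", "*",           "10.0.0.5", "tcp",  1023),  # inbound to server: well-known ports only
    ("permit", "10.0.0.0/8",  "*",        "*",    None),  # anything originating inside
]

def stateless_filter(pkt: Packet) -> str:
    for action, src, dst, proto, max_dport in ACL:
        if (_ip_match(pkt.src, src) and _ip_match(pkt.dst, dst) and proto in ("*", pkt.proto)
                and (max_dport is None or pkt.dport <= max_dport)):
            return action
    return "deny"

class StatefulFilter:
    def __init__(self):
        self.state = set()  # state table entries: (proto, src, sport, dst, dport)

    def filter(self, pkt: Packet) -> str:
        # A reply to a connection already in the table is permitted without consulting the ACL
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state:
            return "permit"
        action = stateless_filter(pkt)
        if action == "permit" and pkt.proto in ("tcp", "udp"):
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

# Constructed traffic: inside client opens HTTPS, server replies to the ephemeral port, stranger probes it
OUTBOUND = Packet("10.0.0.5", "198.51.100.20", "tcp", 50000, 443)
REPLY = Packet("198.51.100.20", "10.0.0.5", "tcp", 443, 50000)
UNSOLICITED = Packet("203.0.113.9", "10.0.0.5", "tcp", 443, 50000)

def run_demo():
    fw = StatefulFilter()
    stateless = [stateless_filter(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]
    stateful = [fw.filter(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]
    return stateless, stateful  # (['permit', 'deny', 'deny'], ['permit', 'permit', 'deny'])
```

The stateless list drops the server's reply because its destination port is above 1023, while the stateful filter permits it from the state table and still denies the unsolicited probe to the same port.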


Just my views..

-DR
