Packet-filtering
On the Internet, packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. The process is used in conjunction with packet mangling and Network Address Translation (NAT). Packet filtering is often part of a firewall program for protecting a local network from unwanted intrusion.
In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).
There are three ways in which a packet filter can be configured, once the set of filtering rules has been defined. In the first method, the filter accepts only those packets that it is certain are safe, dropping all others. This is the most secure mode, but it can cause inconvenience if legitimate packets are inadvertently dropped. In the second method, the filter drops only the packets that it is certain are unsafe, accepting all others. This mode is the least secure, but causes less inconvenience, particularly in casual Web browsing. In the third method, if the filter encounters a packet for which its rules do not provide instructions, that packet can be quarantined or the user can be specifically queried concerning what should be done with it. This can be inconvenient if it causes numerous dialog boxes to appear, for example, during Web browsing.
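The three configuration methods differ only in what happens to a packet that no rule matches. The following is an added example, not code from the quoted articles: the `Rule` and `Packet` classes, the mode names and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:            # only the header fields the filter looks at
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def verdict(rules, default, p):
    """First matching rule decides; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed sample rules and packets (documentation address ranges).
ALLOW = [Rule("ACCEPT", dst="192.0.2.10/32", proto="tcp", dport=443)]
BLOCK = [Rule("DROP", proto="tcp", dport=23)]
PACKETS = [
    Packet("198.51.100.7", "192.0.2.10", "tcp", 443),   # HTTPS to the web server
    Packet("198.51.100.7", "192.0.2.10", "tcp", 23),    # telnet
    Packet("198.51.100.7", "192.0.2.10", "udp", 5000),  # no rule mentions this
]

def compare_modes():
    modes = {
        "accept-known-safe": (ALLOW, "DROP"),             # first method
        "drop-known-unsafe": (BLOCK, "ACCEPT"),           # second method
        "ask-on-unknown": (BLOCK + ALLOW, "QUARANTINE"),  # third method
    }
    return {name: [verdict(rules, default, p) for p in PACKETS]
            for name, (rules, default) in modes.items()}
```

Calling `compare_modes()` shows that the HTTPS packet is accepted and the telnet packet dropped in the first and third modes, while the UDP packet that no rule covers is dropped, accepted, or quarantined depending on the mode.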
Packet Filtering Firewall: An Introduction
The Packet Filtering Firewall is one of the most basic firewalls. The first step in protecting internal users from external network threats is to implement this type of security. The first firewalls ever used were of the packet filtering type only. As the trends of network threats started changing, so did the firewall building strategies. Most routers have packet filtering built in, but the problem with routers is that they are difficult to configure and don't provide extensive logs of the incidents.
To start with network security, packet filtering firewalls are the way to go. This functionality is still the main aim of most commercial and non-commercial firewalls. As you know from the definition and purpose of the firewall, the firewall is the first destination for the traffic coming to your internal network. So, anything which comes to your internal network passes through the firewall. Of course, the reverse is also true. Any outgoing traffic will also pass through the firewall before leaving your network completely. This is the reason that this type of firewall filter is sometimes also called a screening router.
Types of Packet Filtering
A packet filtering firewall allows only those packets to pass which are allowed as per your firewall policy. Each packet passing through is inspected, and then the firewall decides whether to pass it or not. Packet filtering can be divided into two parts:
1. Stateless packet filtering.
2. Stateful packet filtering.
Data travels through the internet in the form of packets. Each packet has a header which provides information about the packet, its source and destination, etc. Packet filtering firewalls inspect these packets to allow or deny them. The information may or may not be remembered by the firewall.
Stateless Packet Filtering
If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. This type of firewall is not smart enough and can be fooled very easily by hackers. These are especially dangerous for UDP type of data packets. The reason is that the allow/deny decisions are taken on a packet-by-packet basis and are not related to the previously allowed/denied packets.
Stateful Packet Filtering
If the firewall remembers the information about the previously passed packets, then that type of filtering is stateful packet filtering. These can be termed smart firewalls. This type of filtering is also known as dynamic packet filtering.
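The difference between the two types shows up on UDP, where a stateless rule can only judge a reply by its header. The following is an added example, not code from the quoted articles: the "allow inbound UDP from source port 53" rule, the class and function names, and the sample traffic are constructed, and the flow table is simplified (a real stateful filter also expires entries after a timeout).

```python
from collections import namedtuple

# UDP header fields plus the direction relative to the protected network.
Packet = namedtuple("Packet", "direction src sport dst dport")

def stateless_filter(p):
    """Judges every packet in isolation: inbound is accepted if it
    merely looks like a DNS reply (source port 53)."""
    if p.direction == "out":
        return "ACCEPT"
    return "ACCEPT" if p.sport == 53 else "DROP"

class StatefulFilter:
    """Remembers outbound flows and accepts only their mirror image."""
    def __init__(self):
        self.flows = set()

    def check(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        reply_of = (p.dst, p.dport, p.src, p.sport)
        return "ACCEPT" if reply_of in self.flows else "DROP"

# Constructed traffic (documentation address ranges).
TRAFFIC = [
    Packet("out", "192.0.2.20", 40000, "198.51.100.53", 53),  # DNS query
    Packet("in", "198.51.100.53", 53, "192.0.2.20", 40000),   # its reply
    Packet("in", "203.0.113.9", 53, "192.0.2.20", 40000),     # unsolicited
]

def run(traffic):
    """Return (stateless verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.check(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(TRAFFIC, run(TRAFFIC)):
        print(f"{pkt.direction:3} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  stateless={sl} stateful={sf}")
```

Only the third packet is treated differently: the stateless rule accepts it because its source port is 53, while the stateful filter drops it because no outbound query to that host was ever recorded.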
Important Features of Packet Filters
Great firewalls normally follow a few specific rules upon which features are incorporated during firewall design. A few are listed below:
1. The firewall should provide a good deal of logs. The more detailed the logs, the better the protection.
2. The command line syntax or GUI of the firewall should make it easy to create new rules and, of course, firewall exceptions.
3. The order of the packet filter rules should be evaluated carefully in order to make the filtering fruitful.
From: http://searchnetworking.techtarget.com/definition/packet-filtering
From: http://securityworld.worldiswelcome.com/packet-filtering-firewall-an-introduction