IntroductionPacket filtering firewall is a network security technique that is used to control data flow to and from a network. It is a security mechanism that allows the movement of packets across the network and controls their flow on the basis of a set of rules, protocols, IP addresses, and ports. Show
Let’s understand What is a packet filtering firewall?Packet filtering protects a local network from undesired invasion depending upon the predefined rules. The information passes through a network in the form of small pieces called packets, which travel independently across IP networks. These small packets travel through a node only if they match with predefined filtering rules otherwise get dropped. Hence, the filtering rules that are defined by the network layer firewalls in a packet filtering firewall prove to be highly efficient in providing security mechanisms. In this article we will discuss:
1. Packet Filtering Firewall DiagramPacket filtering controls (allows or drops) packet or data transfer based on the following standards:
The packets filtering firewall shows how filtration is executed on the firewall. The packet filtering firewall checks access control lists (ACLs) to separate packets depending upon the upper-layer protocol ID, source and destination port numbers, source and destination IP addresses, and packet transmission route.
As shown in figure 1, the passage of packets depends entirely on the decision of the packet filtering router firewall. It filters the packets according to the security protocols programmed into the router using the firewall rules. These packet filtering firewall rules are set up by users to build protection against packets transmission and allow only packets that match certain IP addresses or ports. Users may specify rules that will permit only those packets that are meant for their server and decline all other packets. For example, rules may be set to completely reject packets heading for the ports used by NetBIOS, which in turn prevents unwanted intrusion of Internet hackers on NetBIOS server resources. A packet-filtering firewall can be distinguished into the following types based on the usage of rules:
2. Advantages and Disadvantages of Packet Filtering FirewallPacket-filtering firewalls usually run on either general-purpose computers/routers or a special-purpose router and have their share of packet filtering firewall advantages and disadvantages. Packet filtering is an efficient defense system against intrusions from computers or networks outside a local area network (LAN). It is also a standard and cost-effective means of protection as most routing devices itself possess integrated filtering capabilities, so there is no need for setting a new firewall device. Following are some of the prominent advantages of packet filtering firewall that makes it highly acceptable worldwide:
Although packet filtering offers several advantages, it also has some weaknesses. Some of the disadvantages of a packet filtering firewall are:
3. Packet Filtering Firewall ExamplePacket filters act on the source and destination IP and port addresses that are present in each TCP/IP packet. You can set rules allowing access to only familiar and established IP addresses and denying access to all unknown or unrecognized IP addresses. For example, if you set rules denying access to port 80 to outsiders, you would block off all outside access to the HTTP server as most HTTP servers run on port 80. Alternatively, you can set packet filtering firewall rules permitting packets designated for your mail or web server and rejecting all other packets. Despite its weaknesses, packet filter firewalls are widely used for being leverage and inexpensive. It controls the movement of information/packets according to a set of rules defined by the user and protects the network from unwanted intrusion or attacks. Thus, it acts as a powerful security tool and provides a good level of security to the network. Also Read
Which one among the following in firewall has a source IP address and destination IP address port and protocol information?Detailed Solution. The correct answer is option 4. Network layer Firewall can filter on Source And Destination IP address, Source and Destination Port no for both TCP and UDP packet.
Which firewall filters based solely on source and destination MAC address?MAC Layer Firewalls
This type of firewall filters packets based on their ACL entries, which are tied to the MAC addresses of the accessing device. This allows the firewall to determine whether to block or allow the packets to access the network.
Which firewall filters traffic?Software-based firewalls provide individual devices significant protection against viruses and other malicious content. They can discern different programs running on the host, while filtering inbound and outbound traffic.
Do firewalls filter IP addresses?Modern firewalls can filter traffic based on many packet attributes such as source IP address, source port, destination IP address or port, or destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, of the source, and many other attributes.
|