The Different Types Of Packet Filtering Methods Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The original function of a firewall is to filter the flow of traffic by inspecting each packet passing through the network (layer 3 of the OSI model) and allowing or denying it based on user-defined rules; this is called packet filtering. In packet filtering, only the source and destination Internet Protocol (IP) addresses and ports of each packet are examined. The packet's content and context (its relation to other packets and to the intended application) are ignored. A denied packet can be handled in two ways. One is to drop it, which sends no response to the sender. The other is to reject it, which sends a message (ICMP, covered later) to the sender, for example an echo request, which is a normal ping request. This method does not provide strong security, as hackers can attempt man-in-the-middle attacks.

What is a packet? A packet, sometimes referred to as a datagram, is information sent over a network, including messages and files, that is broken down into small chunks by Transmission Control Protocol/Internet Protocol (TCP/IP). Transmission Control Protocol (TCP) manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. Internet Protocol (IP) handles the address part of each packet so that it gets to the right destination. If packets are sent to a host in a network that is protected by a firewall, the firewall has to reassemble them in the correct order. Each packet has two parts, the header and the data. The header is the part of the packet that contains the source and destination IP addresses and ports. Routers and firewalls that filter packets decide whether to allow a packet to pass by examining the header. The data is the part of a packet that contains the information it is intended to carry, such as messages and files, and is visible to the recipient. The data differs from the header, which is invisible to the user.

The different types of packet filtering methods are stateless, stateful, Internet Control Message Protocol (ICMP), and TCP or User Datagram Protocol (UDP) port number filtering. Stateless packet filtering blocks or allows packets based on protocol type, IP address, and port number, without regard to whether a connection has been previously established. A stateless packet filter looks at each packet's header and compares it to its rule base. Because of this, it has no means of remembering the packets that pass through. Stateless packet filters are best used when network traffic needs to be completely blocked. Stateful packet filtering, or stateful inspection, is when a firewall checks a state table. A state table is a list of current connections. Stateful packet filtering examines the data portion of IP packets as well as the headers and only allows those packets that belong to a previously established connection. ICMP is designed to send messages across IP networks. Filtering by ICMP message type helps troubleshoot network issues. As stated earlier, this is not the best method because hackers can use these messages to attack your network. TCP or UDP filtering is commonly called port or protocol filtering. Filtering by TCP/UDP port numbers helps troubleshoot port issues, for example Domain Name System (DNS) on port 53.
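The difference between a rule base and a state table can be seen by running the same three packets through both kinds of filter. The following is an added example, not part of the original essay; the rule format, addresses and packets are constructed, and the stateful filter is simplified (no timeouts, TCP flags or direction tracking).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def matches(rule, pkt):
    _, proto, sport, dport = rule
    return (proto == pkt.proto and sport in (None, pkt.sport)
            and dport in (None, pkt.dport))

def stateless_decide(pkt, rules):
    """First matching rule wins; each packet is judged on its header alone."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return "drop"  # default deny, no response sent

class StatefulFilter:
    """Rules admit only new connections; replies must match the state table."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # state table: connections currently allowed

    def decide(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.state or reverse in self.state:
            return "allow"
        if stateless_decide(pkt, self.rules) == "allow":
            self.state.add(forward)
            return "allow"
        return "drop"

# Constructed rule bases: (action, protocol, source port, destination port); None = any
STATELESS_RULES = [("allow", "tcp", None, 443),  # requests to HTTPS servers
                   ("allow", "tcp", 443, None)]  # replies: trusts the source port
STATEFUL_RULES = [("allow", "tcp", None, 443)]   # replies come from the state table

# Constructed packets
REQUEST = Packet("tcp", "192.0.2.10", 50000, "198.51.100.5", 443)
REPLY = Packet("tcp", "198.51.100.5", 443, "192.0.2.10", 50000)
UNSOLICITED = Packet("tcp", "203.0.113.9", 443, "192.0.2.20", 3389)

def compare():
    fw = StatefulFilter(STATEFUL_RULES)
    return [(stateless_decide(p, STATELESS_RULES), fw.decide(p))
            for p in (REQUEST, REPLY, UNSOLICITED)]
```

The stateless filter needs a reply rule keyed on source port 443, so it also passes the unsolicited packet; the stateful filter drops it because no matching connection is in the state table.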

Rules can affect the following protocols: ICMP, UDP and TCP/IP. The most common packet filtering rules, stated relative to the internal network, are: any outbound packet must have a source address in the internal network; any outbound packet must not have a destination address in the internal network; any inbound packet must not have a source address in the internal network; any inbound packet must have a destination address in the internal network. Any packet that enters or leaves the network must have both a source and destination address within the range of addresses on the network.
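The four address rules can be written as a direction check against the internal address range. This is an added example, not part of the original essay; it reads each rule as relative to the internal network, assumes that network is 192.0.2.0/24, and uses constructed sample headers.

```python
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.0.2.0/24")  # assumed internal range (documentation prefix)

def is_internal(addr):
    """True/False for a parseable address, None if missing or malformed."""
    try:
        return ip_address(addr) in INTERNAL
    except ValueError:
        return None

def check_addresses(direction, src, dst):
    """Return (action, reason) for one packet header under the four address rules."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in is None or dst_in is None:
        return "drop", "missing or malformed address"
    if direction == "outbound":
        if not src_in:
            return "drop", "outbound source is not internal"
        if dst_in:
            return "drop", "outbound destination is internal"
    elif direction == "inbound":
        if src_in:
            return "drop", "inbound source claims an internal address"
        if not dst_in:
            return "drop", "inbound destination is not internal"
    else:
        return "drop", "unknown direction"
    return "allow", "addresses consistent with direction"

# Constructed sample headers: (direction, source, destination)
SAMPLES = [
    ("outbound", "192.0.2.10", "198.51.100.5"),
    ("inbound", "198.51.100.5", "192.0.2.10"),
    ("inbound", "192.0.2.77", "192.0.2.10"),     # outside packet with an inside source
    ("outbound", "203.0.113.9", "198.51.100.5"), # inside packet with an outside source
    ("outbound", "192.0.2.10", "192.0.2.20"),
    ("inbound", "198.51.100.5", ""),             # destination missing
]

def run_samples():
    return [check_addresses(*sample)[0] for sample in SAMPLES]
```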

There are different devices that perform packet filtering: routers, operating systems and software firewalls. As stated earlier, appliance firewalls were the original packet filtering device, but today routers, which are integrated with firewalls, are the most common packet filters. Among operating systems, Windows Server and Linux have built-in software that performs packet filtering. Most enterprise-level and personal firewalls, such as Check Point, Symantec, and ZoneAlarm, perform packet filtering. To provide the ultimate protection, it is best to use a hardware and a software firewall together.

Packet filtering is an important part of network security; however, it does have limitations, including not hiding the IP addresses of the hosts that are inside the network filter. You cannot rely on one layer of authentication; the best practice is to create multiple layers, making each layer harder than the previous one.