If you are considerate about the security of your computer network, you must know about the packet filtering firewall. The purpose of this article is to provide a clear understanding of that mechanism and its importance. So, continue reading.
In simplest terms, a packet filtering firewall is a security measure used to control a given network. Such firewalls can monitor and control both outgoing and incoming packets. Considering several aspects, the firewall will pass or halt the data packets. For instance, it will consider the source and destination IP addresses, ports, and protocols.
The functionality of a packet filtering firewall
Firewalls work on different levels in terms of TCP/IP protocols. Know more about Firewall Meaning here. A packet filtering firewall is designed to function at level 3 and level 4 of the TCP/IP protocol stack. It functions regardless of the combination of source IP, destination IP, source port, or destination port.
The most basic type of firewall cannot filter anything beyond incoming packets. Also, it can block the ports that are already closed. However, there are advanced firewall varieties that come with sophisticated features.
A packet filtering firewall that is running on regular devices offers NAT (Network Address Translation). An edge router exposes a single IP address to the network either to the internet or intranet. When the packets arrive, the respective firewall will examine them. Then, they will determine the destination port (to which those packets are sent) as well. After that, the firewall will put those incoming packets to a specific internal table. With the assistance of that table, the firewall maps the port to an internal IP address of the host. In general, the internal IP addresses are non-routable. They are not exposed to the internet, so they are safer from external threats.
Pretty much all the personal firewall you use falls into the category of packet filtering firewall. In fact, there is a slight difference between a packet filtering firewall and one available on home routers. Basically, a packet filtering firewall has a better logging capacity compared to a one available on home routers.
As you have already learned, a packet filtering firewall monitors each packet that crosses the firewall. It tests all those packets based on the specific rules which are set-up by default or by you. If the data packets pass the test of the firewall, the respective packets can reach the determined port. If not, the packets will be rejected.
In general, packet filters are the most affordable type of firewalls. That is one of the most obvious reasons behind the increasing popularity of this variety. Nevertheless, there are some drawbacks to these firewalls, so an expert hacker may be able to bypass them. Therefore, a packet filtering firewall may not be the best option for those who expect the optimal protection. Do you intend to maximize the protection of a packet filtering firewall? Then it should be coupled with other security measures.
Packet filtering firewall and ports
Each TCP/IP comprise of source and destination IP and Port Addresses. TCP/IP is the shortened form for Transmission Control Protocol/Internet Protocol. A packet filter firewall works by inspecting these elements. TCP/IP ports are represented in the form of numbers, and they are assigned to different services. These services help in identifying the precise job of each packet. For instance, let’s take an HTTP protocol. It has the port number 80 as its destination port.
In most cases, port numbers are displayed with color and the respective IP address. Let’s take the previous port number as an example in this case also. Assume that there is an HTTP service on a given server, and the server’s IP address is 192.168.10.102. In that case, the HTTP service on the same server will be displayed as 192.168.10.102:80. So, anyone with reasonable computer knowledge can realize that thousands of established ports are being utilized during operation. To give you a better idea about it, we intend to list down some common ports.
|20||Represents File Transfer Protocol (FTP)|
|21||Represents File Transfer Protocol (FTP)|
|22||Represents Secure Shell Protocol (SSH)|
|25||Represents the Simple Mail Transfer Protocol (SMTP)|
|53||Represents Domain Name Server (DNS)|
|80||Represents the World Wide Web (HyperText Transport Protocol; HTTP)|
|110||Represents Post Office Protocol (POP3)|
|119||Represents Network News Transfer Protocol (NNTP)|
|137||Represents NetBIOS Name Service|
|138||Represents NetBIOS Datagram Service|
|139||Represents NetBIOS Session Service|
|143||Represents Internet Message Access Protocol (IMAP)|
|161||Represents the Simple Network Management Protocol (SNMP)|
|194||Represents Internet Relay Chat (IRC)|
|389||Represents Lightweight Directory Access Protocol (LDAP)|
|396||Represents NetWare over IP|
|443||Represents HTTP over TLS/SSL (HTTPS)|
The rules you will set up (configuring the firewall) for packet filtering will permit or deny their access. For instance, you can consider your firewall to permit packets related to your mail server. If not, you can configure it to permit packets of the web server and reject other packets. Likewise, you can configure your firewall, depending on your priorities.
If not, you can configure your firewall to deny packets that are directed towards the posts related to NetBIOS. As a result, internet hackers who try to access your NetBIOS server resources will find it difficult. NetBIOS server resources include aspects such as printers or files.
What are the flaws associated with packet filtering firewalls?
One of the most significant flaws associated with packet filtering is that they rely on packets. That means they trust the data included in the packets assuming that they tell the truth. In other words, this method believes what those packets are, where they are from, and where they are going. An experienced and skilled hacker can utilize this weakness. They can exploit it through various techniques and trick the firewall, so it will allow packets to pass. This is known as IP spoofing in general. They insert a bogus fake IP address in the packets, which will then enter your network.
There is another weakness related to packet filtering is that this system examines every single packet in isolation. That means this system doesn’t consider what packets have gone through the respective firewall. Also, it doesn’t consider what those packets may follow. The best way to describe this situation is that it is a stateless process. If, by any chance, a hacker figures out how to exploit it, he can get through the firewall.
Apart from the above weaknesses, a packet filtering firewall has various advantages as well. Mentioned below are the reasons for this variety of firewalls to be so popular.
● Packet filtering firewall is a very efficient system
In general, a packet filtering firewall is a very efficient method. Firewalls monitor the content of the packets before allowing them through. It sounds like a pretty lengthy process at once. However, when it comes to a packet filtering process, the system is very efficient. It holds up each inbound and outbound packet for a couple of milliseconds only and assures negligible lags. Once the addresses and the ports are determined, the packet filter applies the rules quickly without any lag. In other words, it takes the decision quickly. In contrary to that, other firewall models are not as efficient as this system. They deliver considerable lagging.
● Working with packet filtering is easy
Packet filters display notifications only when a packet is being rejected by the firewall. In other words, it is just a matter of installing the firewall. In contrary to that, other firewalls require you to configure the settings manually on servers and clients.
● They are affordable
The other major advantage is that packet filtering firewalls are very affordable.
Well, that’s what you should know about a packet filtering firewall. If you need further information related to this matter, please let us know.