Packet Filter Firewall

*      The packet filtering firewall is one of the most basic types of firewall. Implementing it is the first step in protecting internal users from external network threats. The first firewalls ever used were packet filters only; as network threats changed, so did firewall-building strategies. Most routers have packet filtering built in, but routers are difficult to configure and do not provide extensive logs of incidents.
*       By definition and purpose, the firewall is the first destination for traffic coming into your internal network, so anything that enters your internal network passes through the firewall. The reverse is also true: any outgoing traffic passes through the firewall before leaving your network. This is why this type of firewall is sometimes also called a screening router.
*       It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. On the Internet, packet filtering is the process of passing or blocking packets at a network interface based on source and destination addresses, ports, or protocols. Packet filtering is often part of a firewall program that protects a local network from malicious programs such as viruses and from unauthorized, malicious people.
*       In a software firewall, packet filtering is done by a program called a packet filter. The packet filter examines the header of each packet against a specific set of rules and, on that basis, decides either to prevent it from passing (called DROP) or to allow it to pass (called ACCEPT).
*       A packet filter firewall is a router that inspects every incoming and outgoing packet between the network and the internet (see the figure below). This packet filter router uses a filtering table (a predefined set of rules) to decide which packets must be discarded and which forwarded.
*       Types of packet filtering: A packet filtering firewall lets through only those packets that your firewall policy allows. Each packet passing through is inspected, and the firewall then decides whether to pass it or not. Packet filtering can be divided into two types:
1.      Stateless packet filtering.
2.      Stateful packet filtering.
Data travels through the internet in the form of packets. Each packet has a header that provides information about the packet, such as its source and destination. A packet filtering firewall inspects these packets to allow or deny them. The firewall may or may not remember this information.
1. Stateless Packet Filtering
If the firewall does not remember information about the packets passing through it, the filtering is called stateless packet filtering. Firewalls of this type are not smart enough and can be fooled very easily by attackers. They are especially dangerous for UDP traffic, because allow/deny decisions are made on a packet-by-packet basis and are not related to previously allowed or denied packets.
2. Stateful Packet Filtering
If the firewall remembers information about previously passed packets, the filtering is called stateful packet filtering. These can be termed smart firewalls. This type of filtering is also known as dynamic packet filtering.
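
The difference between the two modes, as an added example that is not part of the original article: a small Python model of a filtering table evaluated first statelessly and then statefully. The addresses, the DNS rule pair and all names (`Packet`, `Rule`, `StatefulFilter`, `demo`) are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed model of the header fields a filter inspects; None in a rule means "any".
Packet = namedtuple("Packet", "direction proto src sport dst dport")
Rule = namedtuple("Rule", "action direction proto src_net sport dst_net dport")

LAN = "192.168.1.0/24"  # assumed internal network
RULES = [  # filtering table, first match wins
    Rule("ACCEPT", "out", "udp", LAN, None, "0.0.0.0/0", 53),  # DNS queries out
    Rule("ACCEPT", "in", "udp", "0.0.0.0/0", 53, LAN, None),   # replies in: needed when stateless
]

def match(rule, p):
    return (rule.direction == p.direction and rule.proto == p.proto
            and ip_address(p.src) in ip_network(rule.src_net)
            and ip_address(p.dst) in ip_network(rule.dst_net)
            and rule.sport in (None, p.sport) and rule.dport in (None, p.dport))

def stateless_filter(p, rules=RULES):
    """Header-only decision: first matching rule wins, default DROP, no memory."""
    for r in rules:
        if match(r, p):
            return r.action
    return "DROP"

class StatefulFilter:
    """Remembers accepted outbound flows; inbound passes only as a reply to one."""
    def __init__(self, rules):
        self.rules = [r for r in rules if r.direction == "out"]
        self.flows = set()

    def filter(self, p):
        if p.direction == "out":
            verdict = stateless_filter(p, self.rules)
            if verdict == "ACCEPT":
                self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return verdict
        # Inbound: accept only the mirror image of a remembered outbound flow.
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        return "ACCEPT" if reply_of in self.flows else "DROP"

def demo():
    pkts = [Packet("out", "udp", "192.168.1.10", 40000, "203.0.113.53", 53),  # query
            Packet("in", "udp", "203.0.113.53", 53, "192.168.1.10", 40000),   # its reply
            Packet("in", "udp", "198.51.100.7", 53, "192.168.1.20", 5000)]    # unsolicited
    sf = StatefulFilter(RULES)
    return [stateless_filter(p) for p in pkts], [sf.filter(p) for p in pkts]
```

The stateless table has to carry a standing inbound rule so that replies can return, and therefore accepts the third, unsolicited packet as well; the stateful filter drops it because no outbound flow matches. Production stateful filters also expire flow entries after a timeout, which this model omits.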
