Packet filtering
A packet-filtering firewall examines each packet that crosses the firewall and tests the packet according to a set of rules that you set up. If the packet passes the test, it’s allowed to pass. If the packet doesn’t pass, it’s rejected. Packet filters are the least expensive type of firewall. As a result, packet-filtering firewalls are very common. However, packet filtering has a number of flaws that knowledgeable hackers can exploit. As a result, packet filtering by itself doesn’t make for a fully effective firewall.
Packet filters work by inspecting the source and destination IP addresses and port numbers contained in each TCP/IP packet. TCP/IP ports are numbers assigned to specific services; they identify which service each packet is intended for. For example, the port number for the HTTP protocol is 80. As a result, any incoming packets headed for an HTTP server will specify port 80 as the destination port. Port numbers are often written after an IP address, separated by a colon. For example, the HTTP service on a server whose IP address is 192.168.10.133 would be written 192.168.10.133:80. Literally thousands of established ports are in use. Table 20-1 lists a few of the most popular ports.
Table 20-1: Some Well-Known TCP/IP Ports
One of the biggest weaknesses of packet filtering is that it pretty much trusts that the packets themselves are telling the truth when they say who they’re from and who they’re going to. Hackers exploit this weakness on a network by using a hacking technique called IP spoofing, in which they insert fake IP addresses in packets that they send to your network. Another weakness of packet filtering is that it examines each packet in isolation, without considering what packets have gone through the firewall before and what packets may follow. In other words, packet filtering is stateless. Rest assured that hackers have figured out how to exploit the stateless nature of packet filtering to get through firewalls. In spite of these weaknesses, packet filter firewalls have several advantages that explain why they’re commonly used:
Stateful packet inspection (SPI)
Stateful packet inspection (SPI) is a step up in intelligence from simple packet filtering. A firewall with SPI looks at packets in groups rather than individually. It keeps track of which packets have passed through the firewall and can detect patterns that indicate unauthorized access. In some cases, the firewall may hold on to packets as they arrive until it has gathered enough information to decide whether the packets should be authorized or rejected. Stateful packet inspection was once found only on expensive, enterprise-level routers. Now, however, SPI firewalls are affordable enough for small- or medium-sized networks to use.
Circuit-level gateway
A circuit-level gateway manages connections between clients and servers based on TCP/IP addresses and port numbers. After the connection is established, the gateway doesn’t interfere with packets flowing between the systems. For example, you could use a Telnet circuit-level gateway to allow Telnet connections (port 23) to a particular server and prohibit other types of connections to that server. After the connection is established, the circuit-level gateway allows packets to flow freely over the connection. As a result, the circuit-level gateway can’t prevent a Telnet user from running specific programs or using specific commands.
Application gateway
An application gateway is a firewall system that’s more intelligent than a packet-filtering, stateful packet inspection, or circuit-level gateway firewall. Packet filters treat all TCP/IP packets the same. In contrast, application gateways know the details about the applications that generate the packets that pass through the firewall. For example, a web application gateway is aware of the details of HTTP packets. As a result, it can examine more than just the source and destination addresses and ports to determine whether the packets should be allowed to pass through the firewall.
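To make the stateless weakness and the state tracking that SPI adds concrete, here is a toy rule evaluator written for this page; it is not code from the original text. The rule table, the inside network 192.168.10.0/24 (built from the text's example address) and the outside addresses are all constructed for the example.

```python
from dataclasses import dataclass
INSIDE = "192.168.10."  # constructed: the inside /24, built from the text's example address

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag: marks the first packet of a new connection

def _match(pattern, value):
    """'*' matches anything; a prefix ending in '.' matches the whole /24."""
    if pattern == "*":
        return True
    is_prefix = isinstance(pattern, str) and pattern.endswith(".")
    return value.startswith(pattern) if is_prefix else pattern == value

def apply_rules(rules, pkt):
    """First matching rule wins; a rule is (action, src_ip, src_port, dst_ip, dst_port)."""
    for action, sip, sport, dip, dport in rules:
        if (_match(sip, pkt.src_ip) and _match(sport, pkt.src_port)
                and _match(dip, pkt.dst_ip) and _match(dport, pkt.dst_port)):
            return action
    return "deny"

# Rule 2 is the hole a stateless filter must open so web replies can reach inside
# clients: ANY inbound packet with source port 80 is admitted, asked for or not.
STATELESS_RULES = [
    ("allow", "*", "*", INSIDE + "133", 80),  # new connections to our web server
    ("allow", "*", 80, INSIDE, "*"),          # "replies" from outside web servers
    ("deny", "*", "*", "*", "*"),             # default deny
]

def stateless_filter(pkt):
    return apply_rules(STATELESS_RULES, pkt)

class StatefulFilter:
    """SPI: tracks connections opened from inside; only their replies get in."""
    RULES = [("allow", "*", "*", INSIDE + "133", 80), ("deny", "*", "*", "*", "*")]
    def __init__(self):
        self.connections = set()  # (inside_ip, inside_port, outside_ip, outside_port)
    def filter(self, pkt):
        if not pkt.dst_ip.startswith(INSIDE):   # outbound: allow, and note new connections
            if pkt.syn:
                self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.connections:
            return "allow"                      # genuine reply to a tracked connection
        return apply_rules(self.RULES, pkt)     # everything else: static rules only
```

An unsolicited inbound packet carrying source port 80 passes the stateless table but is denied by the stateful filter, because no inside host opened a matching connection.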
In addition, application gateways work as proxy servers. Simply put, a proxy server is a server that sits between a client computer and a real server. The proxy server intercepts packets that are intended for the real server and processes them. The proxy server can examine the packet and decide to pass it on to the real server, or it can reject the packet. Or the proxy server may be able to respond to the packet itself, without involving the real server at all. For example, web proxies often store copies of commonly used web pages in a local cache. When a user requests a web page from a remote web server, the proxy server intercepts the request and checks to see whether it already has a copy of the page in its cache. If so, the web proxy returns the page directly to the user. If not, the proxy passes the request on to the real server. Application gateways are aware of the details of how various types of TCP/IP servers handle sequences of TCP/IP packets, so they can make more intelligent decisions about whether an incoming packet is legitimate or is part of an attack. As a result, application gateways are more secure than simple packet-filtering firewalls, which can deal with only one packet at a time. The improved security of application gateways, however, comes at a price. Application gateways are more expensive than packet filters, both in terms of their purchase price and in the cost of configuring and maintaining them. In addition, application gateways slow down network performance because they do more detailed checking of packets before allowing them to pass.
Next-generation firewall
Many modern firewalls use the term next generation to describe new types of advanced threat-protection intelligence that are designed to watch for types of packet behavior that indicate a likely malicious attack.
A firewall that includes these new protections is called a next-generation firewall, usually abbreviated NGFW. A next-generation firewall performs all the functions of a standard firewall and more. Using a technique called deep packet inspection, next-generation firewalls look beyond the surface of data packets as they enter your network to find threats that simpler types of firewalls would overlook. Next-generation firewalls can often stop malware before it ever gets into your network.
Which type of firewall looks for IP addresses?
Packet-filtering firewalls provide a way to filter IP addresses by either of two basic methods: 1. Allowing access to known IP addresses. 2.
Which of the following firewalls filters traffic based on source and destination IP addresses?
The correct answer is option 4. A network-layer firewall can filter on source and destination IP address and on source and destination port number, for both TCP and UDP packets.
What are the 4 major types of firewalls?
Four types of firewalls:
1. Packet filtering firewalls. Packet filtering firewalls are the oldest, most basic type of firewall. ...
2. Circuit-level gateways. ...
3. Stateful inspection firewalls. ...
4. Application-level gateways (proxy firewalls).
What is a stateful firewall and a stateless firewall?
Stateful firewalls are capable of monitoring and detecting the state of all traffic on a network, tracking and defending based on traffic patterns and flows. Stateless firewalls, however, focus only on individual packets, using preset rules to filter traffic.