This One is all about Packets

In the earlier blog post on the basics of the firewall, we learned what exactly is a firewall and what does it do? It’s time to learn about the various types of firewalls and how do they function. I will dedicate one post each to the types of the firewall, thereafter jumping to the various kinds of firewall architecture.

Packet Filtering Firewall

The packet filtering firewall is the most basic of all the firewall types. Taking a cue from the earlier discussed analogy of postman, this type filters the information packets based on rudimentary parameters such as source and destination address, port numbers, traffic direction. A postman also looks at your letter and filters or segregates them on the basis of pin codes, destination address, etc.
Packet filtering is a firewall technology that makes access decisions based upon network-level protocol header values. The device that is carrying out packet filtering processes is configured with ACLs, which dictate the type of traffic that is allowed into and out of specific networks. The filters only have the capability of reviewing protocol header information at the network and transport levels and carrying out PERMIT or DENY actions on individual packets.

Just like the traffic rules where you (hopefully) obey and stop your car on the RED light and move forward on the GREEN, in similar fashion traffic is filtered with the help of the rules defined in the ACL. The ACL has rules defined such as traffic permitted from XXX.XX address with port XX etc. The ACL filtering rules are enforced at the network interface of the device, which is the doorway into or out of a network. This can be compared to a baggage scanner deployed at the front entrance of various organizations/hotels etc. The operator looks into it and has a checklist whereby he allows you to enter or goes for further checking. Such types of packet filtering at the network level is built into the new routers and does not need a specific firewall to perform this action.

Consider an example:

permit tcp host host eq telnet

Here you permit the traffic from source to destination which is serviced through telnet.
If you wish to deny all kinds of telnet traffic, you can write the following rule

Deny telnet any any

This will block telnet from any source to any destination.

If you have followed the discussion carefully, you will observe that the packet filtering firewall does not inspect what is inside the packet. This is the reason it is also known as stateless inspection as it does not understand the context the packets are working within. It can be considered similar to a postman checking the address and pin code but is unable to identify what’s inside the box. It is extremely important that if you are configuring a packet filtering device, make sure that if no matches are identified, then the traffic is denied.

Packet filtering firewalls can block many types of attacks at the network protocol level, but they are not effective at protecting against attacks that exploit application-specific vulnerabilities. This is clear because this firewall does not know what data is being moved between the applications. So you can stop the packets from a particular source, but, you will not be able to prevent attacks such as buffer overflow with this firewall.

There seem to be some problems associated with this firewall, hence, intelligent minds gathered together to build a new kind of a firewall to plug the flaws and improve upon certain aspects. We will learn about it in the next post.

Till then, why not share this post with your friends and share your suggestions/questions in the comment(s) section below.


You may also like to read...

Access Control Models - DAC, MAC, RBAC , Rule Based & ABAC

Identification, Authentication, Authorization, and Accountability

Understanding Security Modes - Dedicated , System high, Compartmented , Multilevel

How to Pass SSCP Exam in the First Attempt

The Endorsement Process - CISSP, SSCP & other (ISC)2 certifications