•Packet Filters:
Packet filtering works at the network (IP) layer, reading the IP header and the TCP/UDP port numbers behind it, and lets you accept, reject or drop packets based on IP address, port or protocol. Packet filters make these decisions against a set of configurable rules called policies. Packet filtering is the original and most basic type of firewalling, and most routers provide it. Its disadvantages are:
a) The address information in a packet can be spoofed or falsified, and the filter has no way to verify it.
b) The payload of an allowed packet is not inspected, so permitted traffic may still carry exploits.
c) Packet filters cannot provide application-level or user-level authentication.
d) Once a protocol or port is allowed through, any external host can open a direct connection to hosts on the internal network using it. That can expose the private network's layout to everyone outside and reduces network security.
The advantage of packet filters is that they are very fast and transparent to users.
•Circuit Relay (Circuit Level Gateways):
In this approach the firewall validates a connection before allowing any data to be exchanged. In other words, the firewall does not simply allow or disallow packets; it also determines whether the connection between the two ends is valid according to configurable rules. Once validated, the connection is allowed only from the valid source, and perhaps only for a limited time. Rules can be based on source and destination ports or IP addresses, time of day, protocol, user and password. Each session is validated in this way, but once a session is established the data flowing through it is not monitored.
Circuit-level filtering is considered one step beyond packet filtering. It compensates for a shortcoming of the exploitable UDP protocol, which is connectionless and so never verifies a packet's source address, by tracking each exchange as a session, and it also makes IP spoofing more difficult.
The disadvantage of circuit relays is the lack of application-protocol checking. For example, if two cooperating users run an unauthorized application over an approved port number, a circuit relay will not detect the violation.
•Hybrids (i.e. Stateful Inspection):
Because of the weaknesses in packet filtering, some firewall vendors introduced hybrid solutions. One of the more successful hybrids, stateful inspection, provides access control at the network layer by inspecting incoming packets against complex filters and, unlike a plain packet filter, remembering the context of each connection: a "stateful" firewall keeps this state in dynamic connection tables that it updates continuously, so a packet is judged not only by its headers but by whether it belongs to a connection that has already been seen. More sophisticated techniques such as user authentication are still not possible.
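The difference between a plain packet filter and a stateful one is easiest to see on concrete traffic. The Python below is an added example, not code from the original page: the packet and rule formats, the address ranges (10.0.0.0/24 as the internal network, 203.0.113.10 and 198.51.100.7 as outside hosts) and the four sample packets are constructed for illustration. It shows that a stateless policy has to leave a standing hole for reply traffic (every high port open from anywhere), which an outsider can walk through, while a connection-tracking filter admits only replies to connections it has already recorded.

```python
"""Toy stateless packet filter beside a toy stateful (connection-tracking) one.

Added example, not code from the original page. Packet/rule formats, addresses
and the sample packets are assumptions chosen to show why a stateless filter
must hold a door open for replies while a stateful one does not.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP flags; a SYN without ACK opens a connection
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    proto: str = "any"
    src: str = "any"              # CIDR such as "10.0.0.0/24", or "any"
    dports: tuple = (0, 65535)    # inclusive destination-port range

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.src != "any" and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        lo, hi = self.dports
        return lo <= p.dport <= hi


def stateless_filter(rules, p: Packet, default="drop") -> str:
    """First matching rule wins; nothing is remembered between packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    """Rules are consulted only for packets that open a connection; later packets
    of an accepted connection, in either direction, are admitted from the table."""

    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default
        self.table = set()        # 5-tuples of accepted connections

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> str:
        if self._key(p) in self.table or self._reverse(p) in self.table:
            return "accept"                     # belongs to a tracked connection
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return self.default                 # mid-stream TCP with no state: drop
        action = stateless_filter(self.rules, p, self.default)
        if action == "accept":
            self.table.add(self._key(p))        # remember the new connection
        return action


# Constructed traffic. 10.0.0.0/24 is the internal network; the rest is outside.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 80, "tcp", syn=True),            # LAN host opens a web session
    Packet("203.0.113.10", 80, "10.0.0.5", 51000, "tcp", syn=True, ack=True),  # the server's reply
    Packet("198.51.100.7", 40000, "10.0.0.5", 8080, "tcp", syn=True),          # outsider probes an internal service
    Packet("198.51.100.7", 40000, "10.0.0.5", 51000, "tcp", ack=True),         # outsider forges a mid-stream ACK
]

# Stateless policy: to let replies back in, it has to open every high port to everyone.
STATELESS_RULES = [
    Rule("accept", proto="tcp", src="10.0.0.0/24"),       # anything the LAN sends
    Rule("accept", proto="tcp", dports=(1024, 65535)),    # "replies" to ephemeral ports: the hole
]

# Stateful policy: say only who may open connections; replies follow from state.
STATEFUL_RULES = [Rule("accept", proto="tcp", src="10.0.0.0/24")]


def run_demo():
    """Verdict each filter gives for the four sample packets, in order."""
    stateful = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless": [stateless_filter(STATELESS_RULES, p) for p in SAMPLE],
        "stateful": [stateful.filter(p) for p in SAMPLE],
    }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The stateless policy accepts all four packets, including the probe of port 8080 and the forged ACK, because its second rule cannot tell a reply from a fresh inbound connection. The stateful policy accepts the outbound SYN and the matching reply, and drops both outsider packets: one because no rule lets outsiders open connections, the other because a non-SYN TCP packet with no table entry is not part of any known connection.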
•Application Gateways (Proxies):
This method goes one step further still. The application gateway acts as a proxy for every application, performing the data exchange with remote systems on the internal hosts' behalf, which effectively makes the hosts behind the firewall invisible to the outside world. The advantages of this method are numerous. For example:
The firewall verifies that the application data is in the expected format and can filter out requests that target known security holes.
The application gateway can allow certain commands to the server but not others, limit file access and authenticate users, as well as perform regular packet filtering duties.
Fine-grained control of connections is possible, including filtering based on the user who originated the connection and on the commands or operations that will be executed. It can provide detailed logs of all traffic and monitor events on the host system.
The firewall can be set up to raise real-time alarms when it detects events regarded as potentially suspicious or hostile.
Application-level gateways are considered by far the most secure type of firewall, especially when you run services (www, FTP, Telnet, etc.) on your network.
Disadvantages of application gateways are:
a) Loss of transparency to applications and slower response time, since every connection is terminated and re-originated by the proxy.
b) Each application protocol requires its own proxy program, which makes the approach resource intensive; a protocol for which no proxy exists cannot be inspected at this level.
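To make the per-command, per-user control above concrete, here is a toy application-level gateway for an FTP-style line protocol. It is an added example written for this page, not code from the original or from any real proxy: the command set, the two accounts (alice as a reader, bob as a writer), the per-role policy, the /pub/ path restriction and the client sessions are all constructed. It does the four things a packet filter cannot: it authenticates the user itself, relays only commands that the user's role permits, validates the argument of file commands, and logs every decision with the password redacted.

```python
"""Toy application-level gateway for an FTP-style, line-based command protocol.

Added example, not code from the original page. The commands, the accounts,
the role policy and the sessions below are assumptions chosen to show
authentication, command whitelisting, argument checks and decision logging.
"""
import hashlib
import hmac
import re

# Commands each role may have relayed to the real server (assumed policy).
POLICY = {
    "reader": {"PWD", "LIST", "RETR", "QUIT"},
    "writer": {"PWD", "LIST", "RETR", "STOR", "QUIT"},
}
PATH_RE = re.compile(r"/[A-Za-z0-9_./-]{1,255}")


def _make_user(role, password, salt):
    # A real gateway stores only salt and digest; derived here to stay self-contained.
    return (role, salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))


USERS = {  # constructed accounts
    "alice": _make_user("reader", "wonderland", b"salt-alice"),
    "bob": _make_user("writer", "builder", b"salt-bob"),
}


class ApplicationGateway:
    def __init__(self):
        self.pending = None   # username announced with USER, awaiting PASS
        self.user = None
        self.role = None
        self.log = []

    def _decide(self, verdict, line, reason):
        shown = "PASS ****" if line.upper().startswith("PASS") else line  # never log secrets
        self.log.append(f"{self.user or '-'} {verdict} {shown!r}: {reason}")
        return verdict

    @staticmethod
    def _parse(line):
        # Format check first: bounded length, printable only, 3-4 letter verb.
        if len(line) > 512 or not line.isprintable():
            return None
        cmd, _, arg = line.partition(" ")
        cmd = cmd.upper()
        return (cmd, arg) if re.fullmatch(r"[A-Z]{3,4}", cmd) else None

    @staticmethod
    def _authenticate(name, password):
        rec = USERS.get(name)
        if rec is None:
            return None
        role, salt, digest = rec
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return role if hmac.compare_digest(candidate, digest) else None

    @staticmethod
    def _path_ok(arg):
        # Only plain paths under /pub/, and no traversal.
        return bool(PATH_RE.fullmatch(arg)) and ".." not in arg and arg.startswith("/pub/")

    def handle(self, line):
        """Returns "ok" (handled by the gateway), "forward" (relayed) or "reject"."""
        parsed = self._parse(line)
        if parsed is None:
            return self._decide("reject", line, "malformed command")
        cmd, arg = parsed
        if self.role is None:                       # only the login dialogue is allowed
            if cmd == "USER":
                self.pending = arg
                return self._decide("ok", line, "awaiting password")
            if cmd == "PASS":
                role = self._authenticate(self.pending, arg)
                if role is None:
                    return self._decide("reject", line, "bad credentials")
                self.user, self.role = self.pending, role
                return self._decide("ok", line, f"authenticated, role {role}")
            return self._decide("reject", line, "authentication required")
        if cmd not in POLICY[self.role]:
            return self._decide("reject", line, f"{cmd} not permitted for role {self.role}")
        if cmd in ("RETR", "STOR") and not self._path_ok(arg):
            return self._decide("reject", line, "argument fails path check")
        return self._decide("forward", line, "relayed to server")


def run_session(lines):
    """Feeds one client's command lines through a fresh gateway; returns verdicts and log."""
    gw = ApplicationGateway()
    return [gw.handle(line) for line in lines], gw.log


# Constructed client session: a few honest requests among several policy violations.
ALICE_SESSION = [
    "LIST /pub",                  # before login
    "USER alice",
    "PASS wrong",
    "PASS wonderland",
    "PWD",
    "RETR /pub/report.txt",
    "STOR /pub/evil.bin",         # readers may not upload
    "RETR /pub/../etc/passwd",    # path traversal
    "SITE EXEC id",               # verb in no policy at all
    "QUIT",
]

if __name__ == "__main__":
    verdicts, log = run_session(ALICE_SESSION)
    print("\n".join(log))
```

Everything a packet filter would have let through on port 21 is decided here per command: the upload, the traversal attempt and the SITE command are rejected before they ever reach the server, the bad password is refused by the gateway itself, and the log records each verdict without the password. This is also where the cost shows: every protocol needs its own parser and policy like this one.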