NETWORK ADMINISTRATION: PACKET-FILTERING FIREWALL

Introduction

A packet-filtering firewall examines each packet that crosses the firewall and
tests the packet according to a set of rules that you set up. If the packet passes the
test, it’s allowed to pass. If the packet doesn’t pass, it’s rejected.

Packet filters are the least expensive type of firewall. As a result, packet-filtering
firewalls are very common. However, packet filtering has a number of flaws that
knowledgeable hackers can exploit. As a result, packet filtering by itself doesn’t make
for a fully effective firewall.

Packet filters work by inspecting the source and destination IP addresses and port
numbers contained in the header of each Transmission Control Protocol/Internet
Protocol (TCP/IP) packet. TCP/IP ports are numbers assigned to specific services, and
they identify which service each packet is intended for. For example, the port number
for the HTTP protocol is 80, so any incoming packet headed for an HTTP server will
specify port 80 as its destination port.

Background

One of the biggest weaknesses of packet filtering is that it pretty much trusts
that the packets themselves are telling the truth when they say who they’re from and
who they’re going to. Hackers exploit this weakness by using a hacking technique
called IP spoofing, in which they insert fake IP addresses in packets that they send to
your network.

Another weakness of packet filtering is that it examines each packet in isolation,
without considering what packets have gone through the firewall before and what
packets may follow. In other words, packet filtering is stateless. Rest assured that
hackers have figured out how to exploit the stateless nature of packet filtering to get
through firewalls.
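The following Python script is an added example and not part of the original paper. It models the header-only rule check described above on constructed packets and shows the two weaknesses just discussed: a packet carrying a forged source address passes an address-based rule, because the filter has only the header to go on, and a stray packet with no preceding connection is admitted by a stateless "replies" rule but rejected once a connection table (the stateful inspection mentioned later in this paper) is added. All addresses, rules and packets are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # only the header fields a packet filter inspects
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag
    ack: bool = False  # TCP ACK flag

def stateless_filter(rules, pkt):
    """Judge each packet in isolation: first matching (action, fields) rule wins."""
    for action, fields in rules:
        if all(getattr(pkt, k) == v for k, v in fields.items()):
            return action
    return "deny"

def stateful_filter(rules, pkt, table):
    """Same rules plus a connection table: a new flow is admitted only by a
    SYN the rules allow; any later packet must belong to a tracked flow."""
    key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
    if key in table:
        return "allow"
    if pkt.syn and not pkt.ack and stateless_filter(rules, pkt) == "allow":
        table.add(key)
        return "allow"
    return "deny"  # no SYN was seen for this flow, so it cannot be a reply

# Constructed rule set (TEST-NET addresses) for a web server at 203.0.113.10:
# admit port 80, trust an admin host, and crudely admit "replies" by ACK flag.
RULES = [
    ("allow", {"dst_ip": "203.0.113.10", "dst_port": 80}),
    ("allow", {"src_ip": "198.51.100.5", "dst_ip": "203.0.113.10"}),
    ("allow", {"dst_ip": "203.0.113.10", "ack": True}),
]
WEB_SYN = Packet("192.0.2.7", 40001, "203.0.113.10", 80, syn=True)
SPOOFED = Packet("198.51.100.5", 40002, "203.0.113.10", 22, syn=True)  # forged source
STRAY_ACK = Packet("192.0.2.9", 40003, "203.0.113.10", 22, ack=True)   # no prior SYN

def demo():
    table = set()
    return {
        "web": stateless_filter(RULES, WEB_SYN),                      # allow
        "spoofed": stateless_filter(RULES, SPOOFED),                  # allow: header trusted
        "spoofed_stateful": stateful_filter(RULES, SPOOFED, table),   # allow: still header-only
        "stray_ack": stateless_filter(RULES, STRAY_ACK),              # allow: ACK rule
        "stray_ack_stateful": stateful_filter(RULES, STRAY_ACK, table),  # deny
    }
```

Note that connection tracking closes the stray-packet hole but not the spoofing one: both filters still decide from header fields an attacker controls.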

In spite of these weaknesses, packet filter firewalls have several advantages
that explain why they are commonly used:

- Packet filters are very efficient. They hold up each inbound and outbound
packet for only a few milliseconds while they look inside the packet to determine
the destination and source ports and addresses. After these addresses and
ports are determined, the packet filter quickly applies its rules and either sends
the packet along or rejects it. In contrast, other firewall techniques have a more
noticeable performance overhead.

- Packet filters are almost completely transparent to users. The only time a
user will be aware that a packet filter firewall is being used is when the firewall
rejects packets. Other firewall techniques require that clients and/or servers be
specially configured to work with the firewall.

- Packet filters are inexpensive. Most routers include built-in packet filtering.

Evaluation of the case

Present Problem of Packet-Filtered Firewall

In cases where a packet filter restricts access to a resource based on the source
IP address attempting to access that resource, the packet filter cannot verify whether
the packets originate from the real device or from a host or router spoofing that source
address. A transparent proxy illustrates this problem perfectly. A transparent proxy
frequently runs on a masquerading or NAT host that is connected to the Internet.
This machine intercepts outbound connections for a particular protocol (e.g., HTTP)
and simulates the real server to the client. The client may have a packet filter limiting
outbound connections to a single IP address and port pair, but the transparent proxy
will still operate on the outbound connection.

A packet filter makes no effort to validate the contents of a data stream, so data
passed through a packet filter may be bogus, invalid or otherwise incorrect. The packet
filter only verifies that the network layer datagrams are correctly addressed and
well-formed. Many security devices, such as firewalls, include support for proxies,
which are application aware. These are security mechanisms that can validate data
streams. Proxies are often integrated with packet filters to form a combined network
layer and application layer firewall.

Another area of network security that is not addressed by packet filtering is
encryption. Encryption can be used at a number of different layers in a networked
environment. Compare IPsec, which encrypts individual packets, with Secure Sockets
Layer (SSL), which encrypts a single application layer session: IPsec operates at layer 3,
while SSL operates above layer 4. Packet filtering does not directly address the issue of
encryption in any way. Packet filtering and encryption are both tools used in an ongoing
effort to maintain and secure a network.

Proposed solution/changes

A firewall is a software or hardware device that protects your computer from
being attacked over the internet by hackers, viruses, and worms. This may occur either
on a large corporate network or on a small home network; both have the same
security issues.

Having a firewall on each company's internet connection allows the business to
set up online rules for its users. For example, with the firewall the company can control
access to certain websites, giving it control over how employees use the network.
These are the different ways in which a firewall controls online activities:

- Packet filtering: a small amount of data is analyzed and distributed according to
the filter's standards.

- Proxy service: online information is retrieved by the firewall and then sent to the
requesting system.

- Stateful inspection: matches specific details of a data packet to a database of
reliable information.

- Firewalls allow you to either add or remove filters based on certain
circumstances such as:

  - IP addresses: if a certain IP address not belonging to the company's network
  is accessing too many files from the server, this IP address can be blocked by the
  firewall.

  - Domain names: with the firewall, a company is able to block or allow access
  to certain domains.

Recommendation

Protect your home computer by turning on a firewall, or if you have
more than one computer, use a hardware firewall (such as a router) to protect your
network. If you use a "public" computer, you should follow the network administrator's
policy.

Even though some firewalls offer virus protection, it is recommended to install
anti-virus software on each computer. The layers of security you use determine how
many threats can be blocked by your firewall and whether outside users are prevented
from logging into your private network.

In cases when you need to allow others remote access to your network, you may
create a DMZ (Demilitarized Zone). This is an option provided by most software
firewalls; they will designate a directory on the gateway computer as a DMZ.
