Filtering rules are based on information contained in a network packet:
– source IP address
– Destination IP address
– Source and destination transport-level address:
– IP protocol field
– Interface
Two default policies:
-Discard prohibit unless expressly permitted
more conservative, controlled, visible to users
-Forward – permit unless expressly prohibited
easier to manage and use but less secure
If dynamic protocols are in use, entire ranges of ports must be allowed for the protocol to work.
Ports > 1024 left open
Packet filtering advantages
– simplicity
– Typically transparent to users and are very fast
Cannot prevent attacks that employ application specific vulnerabilities or functions
limited logging functionality
vulnerable to attacks and exploits that take advantage of TCP/IP
Packet filter firewalls are susceptible to security breaches caused by improper configurations