“PACKET FILTERING”
1. Def:
Packet filtering is a way of ensuring network security that restricts the
flow of packets towards and away from a network. Here, depending on the
parameters of the packet such as an IP address, the port number as well as the
type and contents of the packet, certain preset criteria are either enforced for
acceptance or rejection of packets.
2. How it works:
Packet Inspection: Every data packet consists of a header and a
payload. The header contains details like source and destination IP addresses,
port numbers, and protocol type. Packet filtering examines these details.
Rule-Based Filtering: Packets are checked against a set of rules that
specify conditions for allowing or denying traffic. For instance:
Block packets from a specific IP address.
Allow only HTTP (port 80) traffic.
3. Criteria For Filtering:
Source/Destination IP Address: Determines whether the packet
comes from or is going to an authorized IP.
Port Numbers: Controls traffic based on specific service ports
(e.g., 80 for HTTP, 443 for HTTPS).
Protocol: Identifies allowed protocols like TCP, UDP, or ICMP.
Connection State (in stateful filters): Checks if the
packet is part of an ongoing, valid connection.
4. Application:
Source/Destination IP Address: Determines whether the
packet comes from or is going to an authorized IP.
Port Numbers: Controls traffic based on specific service ports
(e.g., 80 for HTTP, 443 for HTTPS).
Protocol: Identifies allowed protocols like TCP, UDP, or ICMP.
Connection State (in stateful filters): Checks if the
packet is part of an ongoing, valid connection.
�[Link]:
Efficiency: Operates quickly by inspecting packet headers.
Cost-Effective: Often integrated into existing network devices.
Customizable Rules: Administrators can define rules to meet specific
requirements.
