Installation guide
STEP 5: Understanding different types of firewalls
Packet filters
Data transferred over TCP/IP is sent in the form of ‘packets’.
Each packet carries a small amount of data behind a ‘header’ that records, among other things, the
protocol, the source and destination IP addresses and the source and destination port numbers.
A packet filtering firewall looks at each packet and, depending on a nominated set of rules, decides whether
or not to let it pass through. It filters packets on rules about the port, the direction (inbound/outbound
traffic) and the source and destination IP addresses. Using the analogy to the practice phone
system – a doctor’s receptionist receives many calls but doesn’t automatically put them all through to the
doctor. The receptionist only puts through calls that are agreed as appropriate to forward to the doctor. All
other calls are blocked. (Alternatively the receptionist can forward all calls except those on a ‘denied’ list.)
Advantages of simple packet filters
• Very fast – no bottleneck caused by the firewall.
• Use few resources – devices are inexpensive, draw little power, and generate little heat.
• Simplicity – less chance of a faulty implementation (bugs); often more robust than more
complex solutions.
Limitations of simple packet filters
• A simple packet filter has no memory of earlier packets, so it cannot tell a genuine reply to a
connection the practice opened from a forged packet that merely looks like one (for example an
inbound TCP packet with the ACK flag set). Such packets have to be judged on their header fields
alone and are let through.
• UDP packets cannot be filtered properly because UDP has no connections at all: to let DNS answers in,
the filter must accept any inbound packet that claims to come from port 53 of a DNS server. This is an
important drawback. You can either block all inbound UDP or accept that you are exposed in that regard.
Working around the limitations of packet filtering
• Always make sure that you apply security patches as soon as they become available to all
network-facing applications. Attacks that slip through a packet filter using forged or malformed
packets only succeed for as long as there is an exploitable fault in the application’s networking
code.
• Block all unsolicited inbound UDP. Most users in General Practice use UDP only for DNS lookups
and will not provide DNS services themselves, so the only inbound UDP that needs to be allowed is
replies from the DNS servers the practice actually queries.
Examples of packet filtering firewalls
• Older Linux systems (kernels 2.2.x and lower, using ipchains).
• Many routers (e.g. Cisco ACLs, most ADSL modem routers / wireless routers).
Stateful packet filters
This is essentially a packet filter that remembers the packets it has already seen, so it can judge each new
packet in the context of a connection: for TCP, whether the handshake took place; for UDP, whether a
matching query recently went out.
Using the analogy to the practice phone system – somebody rings and asks to be put through to Dr X. He
claims he is returning a call. A ‘stateful’ receptionist keeps a phone log and checks if Dr X did ring that
person in the first place, and will only put this call through if the log indicates that this is a legitimate return
call.
Advantages of stateful packet filters
• Simple and fast technology – the connection table adds little overhead.
• Protects against forged ‘reply’ packets – an inbound packet is only accepted if the log shows that the
practice started the conversation. This also removes the UDP problem above: a DNS answer is let in
only from the server that was actually queried, and only to the port that sent the query.
• Protects against some DoS attacks like ‘SYN flooding’ by limiting the number of half-open connections.
Note that the connection table is itself a finite resource, so a very large flood can still exhaust a small
device.
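The difference between the two kinds of filter, as an added example written for this edit rather than code from the guide: a toy stateless filter and a toy stateful filter in Python, run over constructed packets. The LAN host, DNS server, attacker and client addresses are assumed (documentation ranges), the single exposed service on TCP port 443 is assumed, and the limit of three half-open connections per source is an assumed value, not a recommendation.

```python
# Added example (not from the guide): a toy stateless packet filter beside a
# toy stateful one, run over constructed packets. All addresses are assumed.
from dataclasses import dataclass

LAN_HOST = "192.168.1.10"      # assumed practice workstation
DNS_SERVER = "203.0.113.53"    # assumed ISP resolver (documentation range)
ATTACKER = "198.51.100.7"      # assumed hostile host (documentation range)
CLIENT = "192.0.2.9"           # assumed legitimate outside client


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    direction: str              # "in" = from the internet, "out" = from the LAN
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"ACK"}


def stateless_filter(pkt):
    """Judge each packet on its header alone, with no memory of earlier packets."""
    if pkt.direction == "out":
        return "accept"
    if pkt.proto == "tcp":
        # With no connection log, "replies" can only be recognised by their flags,
        # so any inbound packet with ACK set (and no SYN) has to be let through.
        return "accept" if "ACK" in pkt.flags and "SYN" not in pkt.flags else "drop"
    if pkt.proto == "udp":
        # DNS answers must get in, so anything claiming source port 53 passes.
        return "accept" if pkt.sport == 53 else "drop"
    return "drop"


class StatefulFilter:
    """Keep a connection table, like the receptionist's phone log in the guide."""

    def __init__(self, allowed_services=frozenset(), max_half_open=3):
        self.allowed_services = allowed_services  # inbound (proto, port) we serve
        self.max_half_open = max_half_open        # assumed per-source SYN limit
        self.conns = set()      # (proto, lan_ip, lan_port, remote_ip, remote_port)
        self.pending = set()    # inbound SYNs still waiting for the client's ACK
        self.half_open = {}     # remote_ip -> number of its entries in pending

    def filter(self, pkt):
        if pkt.direction == "out":
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.pending:   # a SYN/ACK does not complete a handshake
                self.conns.add(key)       # log the flow so its replies can return
            return "accept"
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:
            return "accept"               # a genuine return call
        if pkt.proto == "tcp" and (pkt.proto, pkt.dport) in self.allowed_services:
            if pkt.flags == frozenset({"SYN"}):
                if self.half_open.get(pkt.src, 0) >= self.max_half_open:
                    return "drop"         # SYN flood: too many unanswered handshakes
                self.half_open[pkt.src] = self.half_open.get(pkt.src, 0) + 1
                self.pending.add(key)
                return "accept"
            if key in self.pending and "ACK" in pkt.flags:
                self.pending.discard(key) # handshake complete: now established
                self.half_open[pkt.src] -= 1
                self.conns.add(key)
                return "accept"
        return "drop"                     # unsolicited: no log entry and no service


def demo():
    """Run constructed packets through both filters; returns the verdicts."""
    sf = StatefulFilter(allowed_services=frozenset({("tcp", 443)}))
    r = {}
    # A forged "reply": an inbound ACK packet that belongs to no connection.
    spoof = Packet("tcp", ATTACKER, 80, LAN_HOST, 3389, "in", frozenset({"ACK"}))
    r["spoofed_ack"] = (stateless_filter(spoof), sf.filter(spoof))
    # A forged DNS answer from a server the practice never asked.
    fake = Packet("udp", ATTACKER, 53, LAN_HOST, 40001, "in")
    r["fake_dns"] = (stateless_filter(fake), sf.filter(fake))
    # A genuine DNS lookup: the query goes out, then the answer comes back.
    query = Packet("udp", LAN_HOST, 40002, DNS_SERVER, 53, "out")
    answer = Packet("udp", DNS_SERVER, 53, LAN_HOST, 40002, "in")
    stateless_filter(query)
    sf.filter(query)
    r["real_dns_reply"] = (stateless_filter(answer), sf.filter(answer))
    # A SYN flood against the one service that is exposed.
    r["syn_flood"] = [sf.filter(Packet("tcp", ATTACKER, 50000 + i, LAN_HOST, 443,
                                       "in", frozenset({"SYN"}))) for i in range(5)]
    # A legitimate client completes the handshake and then sends data.
    syn = Packet("tcp", CLIENT, 51000, LAN_HOST, 443, "in", frozenset({"SYN"}))
    synack = Packet("tcp", LAN_HOST, 443, CLIENT, 51000, "out", frozenset({"SYN", "ACK"}))
    ack = Packet("tcp", CLIENT, 51000, LAN_HOST, 443, "in", frozenset({"ACK"}))
    data = Packet("tcp", CLIENT, 51000, LAN_HOST, 443, "in", frozenset({"ACK", "PSH"}))
    r["handshake"] = [sf.filter(p) for p in (syn, synack, ack, data)]
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

The forged ACK and the forged DNS answer pass the stateless filter, because its rules can only say "ACK set" or "source port 53", but are dropped by the stateful filter, whose table holds no matching outbound packet. The real DNS answer passes both. The flood of SYNs is cut off at the assumed limit, while a client that finishes its handshake is promoted to the connection table and its later data is accepted.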