Packet filter
Talk0
23,621pages on
this wiki
this wiki
Contents |
Definition 
Edit
A packet filter is
| “ | [a] type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of rules.[1] | ” |
Strengths Edit
Packet filters have two main strengths: speed and flexibility. Packet filters can be used to secure nearly any type of network communication or protocol. This simplicity allows packet filters to be deployed into nearly any enterprise network infrastructure. Note that their speed, flexibility, and capability to block denial-of-service and related attacks make them ideal for placement at the outermost boundary with an untrusted network.
Weaknesses Edit
Packet filters possess several weaknesses:
- Because packet filters do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.
- Because of the limited information available to the firewall, the logging functionality present in packet filters is limited. Packet filter logs normally contain the same information used to make access control decisions (source address, destination address, and traffic type).
- A firewall relying solely on packet filtering would not support advanced user authentication schemes.
- They are vulnerable to attacks and exploits that take advantage of flaws within the TCP/IP specification and protocol stack, such as network layer address spoofing.
Consequently, packet filters are very suitable for high-speed environments where logging and user authentication with network resources are not important.[2]
References Edit
- ↑ Practices for Securing Critical Information Assets, Glossary, at 56.
- ↑ NIST Special Publication 800-36, at 26.
