Packet Filtering: Objectives, Introduction, Understanding Packets and Packet Filtering, Anatomy of a Packet


Packet Filtering

Objectives
- Describe packets and packet filtering
- Explain the approaches to packet filtering
- Recommend specific filtering rules

Introduction
- Packets: discrete blocks of data; basic unit of data handled by a network
- Packet filter: hardware or software designed to block or allow transmission of packets based on criteria such as port, IP address, protocol
- To control movement of traffic through the network perimeter, know how packets are structured and what goes into packet headers


Understanding Packets and Packet Filtering
- Packet filter inspects packet headers before sending packets on to specific locations within the network
- A variety of hardware devices and software programs perform packet filtering:
  - Routers: probably most common packet filters
  - Operating systems: some have built-in utilities to filter packets on TCP/IP stack of the server software
  - Software firewalls: most enterprise-level programs and personal firewalls filter packets

Anatomy of a Packet
- Header
  - Contains IP source and destination addresses
  - Not visible to end users
- Data
  - Contains the information that it is intending to send (e.g., body of an e-mail message)
  - Visible to the recipient

Packet-Filtering Rules
- Packet filtering: procedure by which packet headers are inspected by a router or firewall to make a decision on whether to let the packet pass
- Header information is evaluated and compared to rules that have been set up (Allow or Deny)
- Packet filters examine only the header of the packet (application proxies examine data in the packet)

Packet-Filtering Rules (continued)
- Drop all inbound connections; allow only outbound connections on Ports 80 (HTTP), 25 (SMTP), and 21 (FTP)
- Eliminate packets bound for ports that should not be available to the Internet (e.g., NetBIOS)
- Filter out ICMP redirect or echo (ping) messages (may indicate hackers are attempting to locate open ports or host IP addresses)
- Drop packets that use IP header source routing feature

Packet-Filtering Rules (continued)
- Set up an access list that includes all computers in the local network by name or IP address so communications can flow between them
- Allow all traffic between "trusted" hosts
- Set up rules yourself

Packet-Filtering Methods
- Stateless packet filtering
- Stateful packet filtering

Stateless Packet Filtering
- Determines whether to block or allow packets, based on several criteria, without regard to whether a connection has been established
- Also called static packet filtering
- Useful for completely blocking traffic from a subnet or other network

Criteria That a Stateless Filter Can Be Configured to Use
- IP header information
- TCP or UDP port number being used
- Internet Control Message Protocol (ICMP) message type
- Fragmentation flags (e.g., ACK and SYN)

Filtering on IP Header Criteria
- Packet's source IP address
- Destination or target IP address
- Specify a protocol for the hosts to which you want to grant access
- IP protocol ID field in the header

Filtering by TCP or UDP Port Number
- Helps filter wide variety of information
  - SMTP and POP e-mail messages
  - NetBIOS sessions
  - DNS requests
  - Network News Transfer Protocol (NNTP) newsgroup sessions
- Commonly called port filtering or protocol filtering

Filtering by ICMP Message Type
- ICMP helps networks cope with communication problems
- No authentication method; can be used by hackers to crash computers on the network
- Firewall/packet filter must be able to determine, based on its message type, whether an ICMP packet should be allowed to pass

Filtering by Fragmentation Flags
- Security considerations
  - TCP or UDP port number is provided only at the beginning of a packet; appears only in fragments numbered 0
  - Fragments numbered 1 or higher will be passed through the filter
  - If a hacker modifies an IP header to start all fragment numbers of a packet at 1 or higher, all fragments will go through the filter

Filtering by Fragmentation Flags (continued)
- Configuration considerations
  - Configure firewall/packet filter to drop all fragmented packets
  - Have firewall reassemble fragmented packets and allow only complete packets to pass through

Filtering by ACK Flag
- ACK flag
  - Indicates whether a packet is requesting a connection or whether the connection has already been established
  - A hacker can insert a false ACK bit of 1 into a packet
  - Configure firewall to allow packets with the ACK bit set to 1 to access only the ports you specify and only in the direction you want

Filtering Suspicious Inbound Packets
- Firewall sends alert message if a packet arrives from external network but contains an IP address from inside network
- Most firewalls let users decide whether to permit or deny the packet
  - Case-by-case basis
  - Automatically, by setting up rules
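Added example (not part of the original slides): a stateless inbound filter that applies three of the header checks above to raw IPv4 bytes, namely internal source addresses arriving from outside, IP source-routing options, and fragments. The internal range 192.168.1.0/24, the allowed ports, and the helper names filter_inbound and sample are assumptions made for illustration.

```python
import ipaddress
import struct

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range
ALLOWED_TCP_PORTS = {25, 80}       # assumed services published to the Internet
SOURCE_ROUTE_OPTS = {131, 137}     # IP option types: loose / strict source route

def filter_inbound(pkt: bytes) -> str:
    """Stateless verdict for a raw IPv4 packet arriving on the external interface."""
    if len(pkt) < 20:
        return "DENY malformed"
    ver_ihl, _, _, _, frag, _, proto, _, src, _ = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return "DENY malformed"
    # An outside packet claiming an inside source address is spoofed.
    if ipaddress.ip_address(src) in INTERNAL_NET:
        return "DENY spoofed-internal-source"
    # Walk the IP options looking for source routing.
    i = 20
    while i < ihl and pkt[i] != 0:           # option type 0 = end of list
        if pkt[i] == 1:                      # option type 1 = one-byte no-op
            i += 1
            continue
        if pkt[i] in SOURCE_ROUTE_OPTS:
            return "DENY source-route"
        if i + 1 >= ihl or pkt[i + 1] < 2:
            return "DENY malformed"
        i += pkt[i + 1]
    # MF flag (0x2000) or a non-zero offset (low 13 bits) marks a fragment; only
    # offset 0 carries the TCP/UDP ports, so later fragments cannot be port-checked.
    if frag & 0x2000 or frag & 0x1FFF:
        return "DENY fragment"
    if proto == 6 and len(pkt) >= ihl + 4:
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        if dport in ALLOWED_TCP_PORTS:
            return "ALLOW"
    return "DENY default"

def sample(src, dport, frag=0, options=b""):
    """Constructed test packet: IPv4 header, options, first 4 bytes of TCP."""
    ihl_words = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 24 + len(options), 1,
                         frag, 64, 6, 0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address("192.168.1.10").packed)
    return header + options + struct.pack("!HH", 40000, dport)
```

This filter takes the "drop all fragmented packets" option from the configuration considerations; a filter that reassembles first would apply the port check to the complete packet instead.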


Stateful Packet Filtering
- Performs packet filtering based on contents of the data part of a packet and the header
- Filter maintains a record of the state of a connection; allows only packets that result from connections that have already been established
- More sophisticated and secure
- Has a rule base and a state table

Filtering Based on Packet Content
- Stateful inspection
- Proxy gateway
- Specialty firewall

Setting Specific Packet-Filter Rules
- Rules to filter potentially harmful packets
- Rules to pass packets that you want to be passed through
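Added example (not part of the original slides): a static ACK-bit rule next to a filter that keeps a state table, run over the same constructed packets. The Pkt record, the addresses, and the simplified two-state connection tracking are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packet summary; direction is "out" (from trusted net) or "in".
Pkt = namedtuple("Pkt", "direction src sport dst dport flags")

def stateless_ack_rule(p):
    """Static rule: inbound TCP passes whenever the ACK bit is set."""
    return p.direction == "out" or "ACK" in p.flags

class StatefulFilter:
    """Rule base (all outbound allowed) plus a state table of connections."""
    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> state name
        self.state = {}

    def allow(self, p):
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.state[key] = "SYN_SENT"       # connection attempt recorded
            elif "RST" in p.flags or "FIN" in p.flags:
                self.state.pop(key, None)          # simplified teardown
            return True
        key = (p.dst, p.dport, p.src, p.sport)     # reverse tuple for inbound
        st = self.state.get(key)
        if st == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.state[key] = "ESTABLISHED"
            return True
        if st == "ESTABLISHED" and "SYN" not in p.flags:
            if "RST" in p.flags:
                self.state.pop(key)
            return True
        return False                               # no matching connection

def demo():
    fw = StatefulFilter()
    syn = Pkt("out", "192.168.1.10", 40000, "203.0.113.5", 80, {"SYN"})
    synack = Pkt("in", "203.0.113.5", 80, "192.168.1.10", 40000, {"SYN", "ACK"})
    forged = Pkt("in", "198.51.100.9", 80, "192.168.1.10", 40001, {"ACK"})
    # The forged ACK passes the static rule but has no state-table entry.
    return [stateless_ack_rule(forged), fw.allow(syn), fw.allow(synack), fw.allow(forged)]
```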

Best Practices for Firewall Rules
- All traffic from trusted network is allowed out
- Firewall device is never accessible directly from public network
- SMTP data allowed to pass through firewall but all is routed to well-configured SMTP gateway
- All ICMP data is denied
- Telnet access to all internal servers from public networks is blocked
- When Web services are offered outside firewall, implement proxy access or DMZ architecture

Rules That Cover Multiple Variations
- Must account for all possible ports that a type of communication might use or for all variations within a protocol

Sample Network to Be Protected by a Firewall

Rules That Enable E-Mail
- Complicated; a variety of protocols might be used
- For inbound mail transport
  - Post Office Protocol version 3 (POP3)
  - Internet E-mail Access Protocol version 4 (IMAP4)
- For outbound mail transport
  - Simple Mail Transfer Protocol (SMTP)
- For looking up e-mail addresses
  - Lightweight Directory Access Protocol (LDAP)
- For Web-based mail service
  - HyperText Transport Protocol (HTTP)

POP3 and SMTP E-Mail Rules

Chapter Summary
- Packet header criteria that can be used to filter traffic
- Approaches to packet filtering
- Specific packet-filter rules
