Definitions
A packet filter is
“[a] type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of rules.”[1]
“[a] routing device that provides access control functionality for host addresses and communication sessions.”[2]
Strengths
Packet filters have two main strengths: speed and flexibility. Because they decide on header fields alone (addresses, protocol, ports) rather than on connection state or application content, they can be used to control nearly any type of network communication or protocol, and this simplicity allows them to be deployed into nearly any enterprise network infrastructure. Their speed, flexibility, and ability to block denial-of-service and related attacks by address, protocol, or port make them well suited for placement at the outermost boundary with an untrusted network.
Weaknesses
Packet filters possess several weaknesses:
- Because packet filters do not examine upper-layer data, they cannot prevent attacks that employ application-specific vulnerabilities or functions.
- Because of the limited information available to the firewall, the logging functionality present in packet filters is limited. Packet filter logs normally contain the same information used to make access control decisions (source address, destination address, and traffic type).
- A firewall relying solely on packet filtering would not support advanced user authentication schemes.
- They are vulnerable to attacks and exploits that take advantage of flaws within the TCP/IP specification and protocol stack, such as network layer address spoofing.
Consequently, packet filters are well suited to high-speed environments where logging and user authentication to network resources are not important.[3]
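The rule-based accept/reject decision from the definitions above, and three of the weaknesses just listed, can be seen in a miniature stateless packet filter. The following is an added illustration, not code from NIST SP 800-41 or SP 800-36; the addresses, interfaces, rules and sample packets are constructed for the example. It evaluates rules first-match on header fields only, so a request to an allowed port is accepted whatever its payload carries, the log line holds only the fields the decision was made on, and a packet whose source address is spoofed to look internal is accepted by a policy that trusts internal addresses without checking the ingress interface; an anti-spoofing ingress rule placed in front of that policy closes the hole.

```python
"""Stateless packet filter in miniature.

Added illustration of the header-only accept/reject decision and of the
weaknesses listed on the page. Not code from NIST SP 800-41 or 800-36;
the network layout, rules and packets are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Packet:
    src: str                  # source IP address
    dst: str                  # destination IP address
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int]      # destination port (None for icmp)
    iface: str                # interface it arrived on: "ext" or "int"
    payload: bytes = b""      # application data: a packet filter never reads it


@dataclass
class Rule:
    action: str                      # "accept" or "reject"
    src: Optional[str] = None        # CIDR the source must fall in, None = any
    dst: Optional[str] = None        # CIDR the destination must fall in
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None      # required ingress interface
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        """Match on header fields only; the payload is not consulted."""
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.iface is not None and p.iface != self.iface:
            return False
        return True


INTERNAL_NET = "10.0.0.0/8"     # constructed: the protected network
WEB_SERVER = "10.0.0.5/32"      # constructed: one host exposed on tcp/80

# Policy that trusts internal source addresses without asking which interface
# the packet came in on: the network-layer address-spoofing weakness.
NAIVE_RULES = [
    Rule("accept", src=INTERNAL_NET, comment="trust internal hosts"),
    Rule("accept", dst=WEB_SERVER, proto="tcp", dport=80, comment="public web"),
    Rule("reject", comment="default deny"),
]

# Same policy with an ingress anti-spoofing rule evaluated first: a packet
# carrying an internal source address cannot legitimately arrive on "ext".
HARDENED_RULES = [
    Rule("reject", src=INTERNAL_NET, iface="ext", comment="anti-spoofing"),
    Rule("accept", src=INTERNAL_NET, iface="int", comment="trust internal hosts"),
    Rule("accept", dst=WEB_SERVER, proto="tcp", dport=80, comment="public web"),
    Rule("reject", comment="default deny"),
]


def filter_packet(p: Packet, rules: List[Rule]) -> Tuple[str, str]:
    """First-match evaluation. Returns (action, log line).

    The log line contains only the fields the decision was made on, which is
    all the information a packet filter has about the packet."""
    for r in rules:
        if r.matches(p):
            log = f"{r.action.upper()} {p.proto} {p.src}->{p.dst}:{p.dport} via {p.iface} ({r.comment})"
            return r.action, log
    return "reject", f"REJECT {p.proto} {p.src}->{p.dst}:{p.dport} via {p.iface} (no rule)"


# Constructed traffic samples.
SAMPLES: Dict[str, Packet] = {
    # ordinary request to the published web server
    "web_ok": Packet("203.0.113.9", "10.0.0.5", "tcp", 80, "ext", b"GET / HTTP/1.1\r\n"),
    # same headers, hostile application data: the filter cannot tell them apart
    "web_bad": Packet("203.0.113.9", "10.0.0.5", "tcp", 80, "ext", b"GET /?q=' OR 1=1-- HTTP/1.1\r\n"),
    # unpublished service from outside: hits default deny
    "telnet": Packet("203.0.113.9", "10.0.0.5", "tcp", 23, "ext"),
    # internal source address arriving on the external interface: spoofed
    "spoofed": Packet("10.0.0.7", "10.0.0.5", "tcp", 23, "ext"),
}


if __name__ == "__main__":
    for name, p in SAMPLES.items():
        for label, rules in (("naive", NAIVE_RULES), ("hardened", HARDENED_RULES)):
            action, line = filter_packet(p, rules)
            print(f"{name:8s} {label:9s} {line}")
```

Running it shows `web_ok` and `web_bad` accepted by both rule sets with identical log lines, `telnet` rejected by both, and `spoofed` accepted by the naive policy but rejected by the hardened one. Because the anti-spoofing rule is itself only an address-and-interface match, it belongs in the same filter; what it cannot do is anything about the payload of `web_bad`, which is exactly the gap an application-layer proxy or inspection engine behind the filter is meant to cover.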
References
1. Practices for Securing Critical Information Assets, Glossary, at 56.
2. NIST Special Publication 800-41.
3. NIST Special Publication 800-36, at 26.