Most appliance routers and many software routers, such as the RRAS (Routing and Remote Access Service) of Windows Server, are able to perform firewall filtering services in addition to routing. Those screening routers that perform firewall filtering might provide enough sentry security for your needs. However, if you want more advanced features, a screening router is unlikely to be the best solution for your network.

Ingress and Egress Filtering

Ingress and egress filtering is a common tool for spoof filtering. A source address that arrives from the opposite side of the firewall from the one where it is assigned is obviously a spoofed address. An example of this is when an internal LAN address appears as the source address in a packet on its way into a network from outside. This form of spoof filtering can be part of ingress filtering. Likewise, the same process can filter packets leaving a network. If a packet with a source address from the outside, such as an Internet address, is received by a firewall on an interface inside the private LAN, this is also a spoofed address. This form of spoof filtering can be part of egress filtering.

Ingress and egress filtering can expand beyond spoofing protection and include a variety of investigations on inbound and outbound traffic. This can include blacklist and whitelist filtering, protocol and port blocking, and confirmation of authentication or authorization before communications continue. Unfortunately, if a packet's spoofed addresses don't violate any of these concerns, the spoofed addresses might not be as easy to detect. For example, if a client spoofs an IP address to look like another client in the same subnet, the rules just described to catch spoofing would fail to notice this spoofed communication. In addition to basic ingress and egress filtering, firewalls can support additional forms of packet examination and investigation.

Types of Filtering

Filtering is the primary function of a firewall.
CHAPTER 2 | Firewall Fundamentals 69

Through its filtering services, most of the other benefits and capabilities of firewalls apply. Firewalls can support many different forms of filtering. Additionally, the terms used for the type of filtering and the type of firewall are often used interchangeably. For example, a firewall that supports packet filtering is known as a packet filtering firewall.

Static Packet Filtering

The most common form of filtering is static packet filtering. Static packet filtering uses a static, or fixed, set of rules to filter network traffic. The rules can focus on source or destination IP address, source or destination port number, IP header protocol field value, ICMP types, fragmentation flags, and IP options. Static packet filtering is therefore mainly focused on the network layer (layer 3), but can also include transport layer (layer 4) elements. Static packet filtering focuses on header contents and does not examine the payload of packets or segments.
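The following added example (written for this excerpt, not code from the textbook) models the two ideas above together: an ingress/egress anti-spoof check that compares a packet's source address against the side of the firewall it arrived on, followed by a static, first-match-wins rule set that looks only at header fields. The interface names "wan" and "lan", the internal address ranges, the rules, and the sample packets are all constructed assumptions. The last sample packet illustrates the limitation the text points out: a source spoofed to look like another host on the same internal subnet passes both checks.

```python
"""Minimal static packet filter with ingress/egress anti-spoof checks.

Added illustrative example; interface names, address ranges, rules and
sample packets are constructed for this demonstration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed topology: the private LAN sits behind the "lan" interface,
# everything else arrives on the "wan" interface.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet was received on: "wan" or "lan"
    src: str                    # source IP address
    dst: str                    # destination IP address
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for ICMP


def is_internal(addr: str) -> bool:
    """True if addr belongs to one of the private LAN ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def spoof_check(pkt: Packet) -> Optional[str]:
    """Return a reason if the source address cannot legitimately originate
    from the interface it arrived on; None if the source is plausible."""
    if pkt.iface == "wan" and is_internal(pkt.src):
        return "ingress spoof: internal source address arriving from outside"
    if pkt.iface == "lan" and not is_internal(pkt.src):
        return "egress spoof: external source address leaving from inside"
    return None


# Static rule set: (iface, proto, dport, action). Evaluated top to bottom,
# first match wins, implicit default deny. Header fields only, no payload.
RULES = [
    ("wan", "tcp", 443, "accept"),    # inbound HTTPS to a published service
    ("wan", "tcp", 23, "drop"),       # inbound telnet explicitly blocked
    ("lan", "tcp", None, "accept"),   # any outbound TCP from the LAN
    ("lan", "udp", 53, "accept"),     # outbound DNS
    ("wan", "icmp", None, "accept"),  # inbound ICMP for diagnostics
]


def static_filter(pkt: Packet) -> str:
    """Apply the fixed rule table; anything unmatched is dropped."""
    for iface, proto, dport, action in RULES:
        if iface == pkt.iface and proto == pkt.proto and (dport is None or dport == pkt.dport):
            return action
    return "drop"


def decide(pkt: Packet) -> Tuple[str, str]:
    """Anti-spoof check first, then the static rules; returns (action, reason)."""
    reason = spoof_check(pkt)
    if reason:
        return "drop", reason
    return static_filter(pkt), "static rule"


# Constructed sample traffic (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
SAMPLES: List[Packet] = [
    Packet("wan", "10.1.2.3", "10.0.0.10", "tcp", 443),        # ingress spoof
    Packet("lan", "203.0.113.5", "198.51.100.7", "tcp", 80),   # egress spoof
    Packet("wan", "198.51.100.7", "10.0.0.10", "tcp", 443),    # legitimate inbound HTTPS
    Packet("wan", "198.51.100.7", "10.0.0.10", "tcp", 23),     # blocked telnet
    Packet("wan", "198.51.100.7", "10.0.0.10", "udp", 53),     # no rule: default deny
    Packet("lan", "10.0.0.99", "198.51.100.7", "tcp", 80),     # same-subnet spoof: undetected
]


def run_samples() -> List[Tuple[str, str]]:
    """Return the decision for each sample packet, in order."""
    return [decide(p) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLES, run_samples()):
        print(f"{pkt.iface:>3} {pkt.src:>14} -> {pkt.dst:<14} {pkt.proto}/{pkt.dport}: {action} ({reason})")
```

The anti-spoof check runs before the rule table because a spoofed source can otherwise match an "accept" rule on protocol and port alone; the final sample shows why this check is only as good as the address plan it encodes, since a host claiming a different address within its own subnet is indistinguishable at layer 3.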