NetworkClue.com

Packet Filtering

By Joshua Erdman
Digital Foundation, inc.

Before you start, make sure you have mastered the Network Address Translation firewall. If you have a private internal network, you will continue to use NAT and simply add more firewall restrictions on top of it, such as packet filtering.

When would I use Packet Filtering?

With just a NAT firewall (whether or not you are port forwarding), all office users have full access to the Internet (including HTTP, FTP, games, instant messaging, file swapping, etc.). This may be more freedom than you want to give them. There are also viruses to consider: many now come with their own built-in SMTP (e-mail) server and attempt to e-mail themselves all over the Internet.

How does it work?

A packet filtering firewall allows you to permit and restrict traffic flow based not just on the source and destination but also on the port. If you have read our TCP/IP article, you know that each service relies on specific ports, so if you can restrict certain ports, you can restrict those services. Blocking port 25 for all user workstations, for example, is exactly how you would prevent an infected workstation from sending e-mail viruses all over the Internet and using all your precious bandwidth.

What Devices can do this?

Any device that uses Access Control Lists. Since we are Cisco fanatics, we have articles on ACLs that go into detail on setting this up.

Packet Filtering on Windows XP

A simpler form of packet filtering is available on Windows XP machines. It is called the Windows Internet Connection Firewall (ICF). This firewall will not only protect your computer, but if your computer shares its Internet connection using Windows Internet Connection Sharing, it can protect the internal PCs as well. Unfortunately, this firewall is limited. It only allows you to list the ports and computers available for incoming traffic and has no capability for limiting the source. For example, if you wanted to permit FTP traffic from the Internet so that you can access your office from home, you would be permitting FTP for the WHOLE Internet. Your only protection for your FTP server would be the password security and the quality of programming of your FTP server.

Check back, we will have a very detailed article on Windows ICF shortly.
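A small model of the filtering described under "How does it work?" and of the missing source restriction described for Windows ICF, as an added Python example that is not from the original article. The `Rule` class, the `evaluate` function and all addresses are constructed for illustration; rules are checked top to bottom and unmatched traffic is denied, as with the implicit deny at the end of a Cisco ACL.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port; None matches every port

    def matches(self, proto, src_ip, dst_ip, dport):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

def evaluate(rules, proto, src_ip, dst_ip, dport):
    """Return the action of the first rule that matches; deny if none does."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return "deny"

ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"          # constructed office network
MAIL = "192.168.1.10/32"        # constructed internal mail server
FTP = "192.0.2.20/32"           # constructed public address of the FTP server
HOME = "203.0.113.5/32"         # constructed home address of the administrator

# Outbound policy: only the mail server may speak SMTP; order matters.
OUTBOUND = [
    Rule("permit", "tcp", MAIL, ANY, 25),
    Rule("deny",   "tcp", LAN,  ANY, 25),   # infected workstations cannot mail out
    Rule("permit", "tcp", LAN,  ANY, 80),
    Rule("permit", "udp", LAN,  ANY, 53),
]

# Inbound FTP: an ACL can name the source, a port-only filter cannot.
INBOUND_ACL = [Rule("permit", "tcp", HOME, FTP, 21)]
INBOUND_ANY_SOURCE = [Rule("permit", "tcp", ANY, FTP, 21)]

if __name__ == "__main__":
    stranger = "198.51.100.7"   # constructed Internet host
    print("workstation SMTP:", evaluate(OUTBOUND, "tcp", "192.168.1.50", stranger, 25))
    print("mail server SMTP:", evaluate(OUTBOUND, "tcp", "192.168.1.10", stranger, 25))
    print("stranger FTP, ACL:", evaluate(INBOUND_ACL, "tcp", stranger, "192.0.2.20", 21))
    print("stranger FTP, any source:", evaluate(INBOUND_ANY_SOURCE, "tcp", stranger, "192.0.2.20", 21))
```

Swapping the first two `OUTBOUND` rules would block the mail server as well, because the broader deny would match first.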

Article last reviewed: 01/19/2005



Created by: Digital Foundation, inc.

Copyright © 2002-2005 Digital Foundation, inc.   www.networkclue.com

All content of the NetworkClue website is copyrighted. Articles, notes, outlines, and all other materials may not be stored on the Internet or sold or placed by themselves or with other material in any electronic or printed format in whole or part. However materials may be referenced by links to the site.

 
