Firewall Technologies: Packet Filtering, Proxy, and Stateful Inspection

Firewall Technologies

Packet filtering – Packets (small chunks of data) are analyzed against a set of filters. Packets that pass the filters are sent to the requesting system; all others are discarded.

Proxy service – Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.

Stateful inspection – A newer method that doesn’t examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information.

IP addresses – Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four “octets” in a “dotted decimal number.” A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.

Domain names – Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.

Protocols – The protocol is the pre-defined way that someone who wants to use a service talks with that service. The “someone” could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. HTTP is the Web’s protocol.

Some common protocols that you can set firewall filters for include:

  • IP (Internet Protocol) – the main delivery system for information over the Internet
  • TCP (Transmission Control Protocol) – used to break apart and rebuild information that travels over the Internet
  • HTTP (Hyper Text Transfer Protocol) – used for Web pages
  • FTP (File Transfer Protocol) – used to download and upload files
  • UDP (User Datagram Protocol) – used for information that requires no response, such as streaming audio and video
  • ICMP (Internet Control Message Protocol) – used by a router to exchange information with other routers
  • SMTP (Simple Mail Transport Protocol) – used to send text-based information (e-mail)
  • SNMP (Simple Network Management Protocol) – used to collect system information from a remote computer
  • Telnet – used to perform commands on a remote computer

Ports – Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.

Specific words and phrases – This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word “X-rated” in it. The key here is that it has to be an exact match. The “X-rated” filter would not catch “X rated” (no hyphen). But you can include as many words, phrases and variations of them as you need.

      • on – encima de
        under – debajo de
        in – en
        inside – adentro
        outside – afuera
        in front of – en frente de
        behind – atrás
        next to – al lado

        between – entre (dos)
        among – entre muchos
        across from – del otro lado de la calle / enfrente (también se dice “opposite”)
        opposite – del otro lado / enfrente (de la calle u otra cosa)
        above – arriba
        below – abajo
        around – alrededor
        on the right – a la derecha
        on the left – a la izquierda

AT

We use at for a point:

at the window – at the entrance – at the door

at the end of the street – at the station – at the top

Bill is waiting for you at the bus stop.

ON

We use on for a surface:

on the wall – on the ceiling – on the floor – on a page

on a cover

Have you seen the notice on the notice board?

IN

We use in for an enclosed space:

in the garden – in the house – in London – in the water

in her bag – in a row – in a town

TO

We say go / come / travel / fly / walk / return / drive / have been etc. to a place or event:

Last year we flew to London. We went to work at seven.

INTO

We say go into / come into etc. = enter a room / building etc.:

He opened the door and went into the room.

BY

We say by to say how we travel:

We went to Paris by plane. I usually go to work by bike / by car / by underground / by bus.