
Web Site: www.ijettcs.org   Email: editor@ijettcs.org, editorijettcs@gmail.com
Volume 2, Issue 3, May-June 2013   ISSN 2278-6856

Implementing network security policies: packet filtering mechanism


Mr. Amit Bhanot (1), Dr. Leena Jain (2)
(1) Network Administrator, Radical Technical Institute, Amritsar, 143 001 (India)
(2) Associate Professor & Head (MCA), Global Institute of Management and Emerging Technologies, Amritsar, 143 001 (India)

Abstract: In this age of universal electronic connectivity, of viruses and hackers, of electronic eavesdropping and electronic fraud, there is no time at which security does not matter. The explosive growth in computer systems and their interconnection via networks has increased the dependency of both organizations and individuals on the information stored in and communicated by these systems. This has led to a heightened awareness of the need to protect data and resources from disclosure, to guarantee the authenticity of data and to protect systems from network-based attacks. A firewall is a security guard placed at the point of entry between a private network and the outside Internet such that all incoming and outgoing packets have to pass through it. In this paper packet filtering rules are presented with an explanation, together with the advantages and disadvantages of packet filters.

Keywords: Network Security, Firewall, Packet filtering, TCP/IP

1. INTRODUCTION
A firewall is a security guard placed at the point of entry between a private network and the outside Internet such that all incoming and outgoing packets have to pass through it. Firewall technology has advanced significantly since it was introduced in the early 1990s [1]. The function of a firewall is to examine every incoming or outgoing packet and decide whether to accept or discard it [2]. In other words, a firewall is simply a group of components that collectively form a barrier between two networks [3]. Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall often also includes, or works with, a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. Firewalls are typically implemented using one of four primary architectures: (I) packet filters, (II) circuit-level gateways, (III) application proxies and (IV) network address translation. This paper focuses on packet filters: how they work, how rules over addresses, ports and protocols are defined, and what their advantages and disadvantages are.

2. WORKING OF PACKET FILTERS

Packet filtering is the oldest method used in firewall technology. It works at the network layer of the OSI model, which is the IP layer of the TCP/IP model. All Internet traffic travels in the form of packets. A packet is a quantity of data of limited size, kept small for easy handling; when a larger amount of continuous data must be sent, it is broken up into numbered packets for transmission and reassembled at the receiving end. A packet is basically a series of digital numbers which conveys:
- the data, acknowledgment, request or command from the originating system;
- the source and destination IP address and port;
- information about the protocol (set of rules) by which the packet is to be handled;
- error-checking information;
- usually, some information about the type and status of the data being sent;
- often a few other things too, which do not matter for our purposes here.

In packet filtering, each packet passing through the firewall is compared to a set of rules before it is allowed to pass. Depending on the packet and the rule, the firewall can drop the packet, forward it, or send a message back to the source (Figure 1). The rules that determine which packets are forwarded and which are not can be based on the source and destination IP address, the source and destination port number, or the protocol used. Packet filtering can also be done at the router level, providing an additional layer of security. For example, a packet carrying a certain destination IP address could be dropped, or, for a company that does not allow its employees Internet access, every packet conforming to a certain protocol could be dropped. Figure 2 shows how packet filters interact with the TCP/IP network model [4].

Packet filtering can be divided into two kinds: 1. stateless packet filtering and 2. stateful packet filtering. Data travels through the Internet in packets, and each packet has a header that describes the packet, its source and destination, and so on. A packet filtering firewall inspects these headers to allow or deny each packet. What distinguishes the two kinds is whether the firewall remembers anything about the packets it has already seen.
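The distinction just drawn, between a filter that forgets every packet and one that remembers the flows it has passed, is developed in Sections 2.1 and 2.2. The following Python is an added example written for this page, not code from the paper: it runs one constructed four-packet trace through a stateless per-packet policy (modelled on rule 3 of Section 3.1, with a DNS-reply rule added as an assumption) and through a minimal stateful filter that records flows opened from inside. The addresses 201.1.2.1 and 170.1.1.1 are the paper's; 203.0.113.7, the port numbers and the TCP flag strings are constructed.

```python
from collections import namedtuple

# Constructed packet model (not from the paper): the header fields a packet
# filter looks at, the interface the packet arrived on and, for TCP, the flag
# set ("S" = pure SYN, "SA" = SYN/ACK, "A" = ACK; "" for UDP).
Packet = namedtuple("Packet", "iface proto src sport dst dport flags")

INSIDE, OUTSIDE = "inside", "outside"


def stateless_decide(pkt):
    """Per-packet decision with no memory (Section 2.1).

    Policy modelled on rule 3 of Section 3.1: replies from web servers
    (TCP source port 80) and, as an added assumption, DNS answers (UDP
    source port 53) are let back in to any client port above 1023, because
    a stateless filter cannot know which client ports are really in use.
    Everything else from outside is denied; inside -> outside is allowed.
    """
    if pkt.iface == INSIDE:
        return "permit"
    if pkt.proto == "tcp" and pkt.sport == 80 and pkt.dport > 1023:
        return "permit"
    if pkt.proto == "udp" and pkt.sport == 53 and pkt.dport > 1023:
        return "permit"
    return "deny"


class StatefulFilter:
    """Remembers flows opened from inside (Section 2.2) and admits an
    inbound packet only when it is the reverse of such a flow."""

    def __init__(self):
        self.flows = set()   # (proto, src, sport, dst, dport) seen outbound

    def decide(self, pkt):
        if pkt.iface == INSIDE:
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "permit"
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # A pure SYN from outside is a new connection attempt, never a reply,
        # so it is refused even if its 5-tuple happens to match a known flow.
        if reverse in self.flows and pkt.flags != "S":
            return "permit"
        return "deny"


def run_trace():
    """Constructed trace: a legitimate web fetch, then two forged packets
    whose headers were chosen by the attacker to satisfy the stateless rules.
    Returns (stateless, stateful) decisions per packet."""
    client, web, attacker = "201.1.2.1", "170.1.1.1", "203.0.113.7"
    trace = [
        Packet(INSIDE,  "tcp", client, 10000, web, 80, "S"),       # client opens
        Packet(OUTSIDE, "tcp", web, 80, client, 10000, "SA"),      # genuine reply
        Packet(OUTSIDE, "tcp", attacker, 80, client, 5555, "S"),   # forged, sport 80
        Packet(OUTSIDE, "udp", attacker, 53, client, 31337, ""),   # forged DNS "answer"
    ]
    stateful = StatefulFilter()
    return [(stateless_decide(p), stateful.decide(p)) for p in trace]


if __name__ == "__main__":
    for decisions in run_trace():
        print(decisions)
```

Both filters pass the genuine reply; only the stateless one passes the two forged packets, because the attacker controls the source port and a stateless filter has nothing else to check. The UDP case is the worse one: there is no flag that even hints whether the packet is an answer or an opener. A production stateful engine also expires idle flows and follows the TCP flag sequence; that bookkeeping is left out here.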
2.1 STATELESS PACKET FILTERING
In stateless packet filtering the firewall keeps no record of the packets it has already passed. Each allow/deny decision is taken packet by packet and is unrelated to previously allowed or denied packets, so these firewalls can be fooled quite easily: an attacker only has to craft a packet whose header fields satisfy a permit rule. The weakness is most acute for UDP (User Datagram Protocol) traffic, which has no connection setup the filter could key on.

2.2 STATEFUL PACKET FILTERING
In stateful packet filtering the firewall remembers information about the packets it has previously passed; such firewalls can be termed smart firewalls, and this type of filtering is also known as dynamic packet filtering. A reply arriving from outside is admitted only if it belongs to a connection that was opened from inside, so the wide open port ranges a stateless filter needs (see rule 3 in Section 3.1) are unnecessary.

Table 1 presents a sample packet filter rule set; as it makes clear, packet filters usually permit or deny network traffic based on:
- source and destination IP addresses;
- IP protocol (TCP and UDP);
- source and destination TCP and UDP ports;
- the interface where the packet arrives;
- the interface where the packet is destined.

Table 1: Sample Packet Filter Firewall Rule Set

Figure 1 Packet-Filtering Firewall

Figure 2 Interactions between Packet Filters and TCP/IP Network Models [3]

3. Filtering Policy
Normally, the filtering rules are expressed as a table of conditions and actions that are applied in a certain order until a decision to route or drop the packet is reached. When a particular packet meets all the conditions specified in a given row of the table, the action specified in that row (whether to route or drop the packet) is carried out; in some filtering implementations, the action can also indicate whether or not to notify the sender that the packet has been dropped (through an ICMP message), and whether or not to log the packet and the action taken on it. Some systems apply the rules in the sequence specified by the administrator until they find a rule that applies, which determines whether to drop or route the packet. Others enforce a particular order of rule application based on the criteria in the rules, such as source and destination address, regardless of the order in which the rules were specified by the administrator. Some, for instance, apply filtering rules in the same order as routing table entries; that is, they apply rules referring to more specific addresses (such as rules pertaining to specific hosts) before rules with less specific addresses (such as rules pertaining to whole subnets and networks). The more complex the way in which the router reorders rules, the more difficult it is for the administrator to understand the rules and their application; routers which apply rules in the order specified by the administrator, without reordering them, are easier for an administrator to understand and configure, and are therefore more likely to yield correct and complete filter sets.

3.1 Explanation of the rules
In the first rule, the packet-filtering firewall has a rule placed on its inbound interface from the Internet stating that any external traffic sent to 201.1.2.1 (a user's PC) is denied. As shown in Figure 3, when 170.1.1.1 tries to access 201.1.2.1, the packet-filtering firewall drops the traffic; the rule simply stops external packets from reaching that host directly. The second rule excludes from forwarding any packet with source address 170.1.1.1 and destination 201.1.2.1 that claims to come from the firewall; this condition indicates that an attacker is spoofing the firewall's address in the hope that the firewall will pass the packet to an internal destination, which might then accept it because it appears to have come from the trusted firewall (Figure 4). In the third rule, the source originally opened a source port greater than 1023, such as 10,000, and used a destination port of 80 for HTTP. Therefore, to allow the traffic to return from 170.1.1.1, the packet-filtering firewall needs a rule that allows port 10,000. The problem is that the source can use any source port number greater than 1023: whichever one is free and is chosen by the operating system is the one assigned. Therefore, you would have to allow all ports greater than 1023 for the returning traffic to 201.1.2.1, as shown in Figure 5. This is exactly the gap that the stateful filtering of Section 2.2 closes, by matching return traffic against the outbound connection rather than against an open port range. The fourth rule allows internal systems to connect to external systems, using any external addresses and any protocol. Rules 5 and 6 allow external packets to pass the firewall if they carry SMTP (Simple Mail Transfer Protocol) or HTTP data, that is, email and web traffic respectively. The final rule, a very important one, blocks any other packets from the outside. One can deduce, then, that the information security policy for the network is as follows: any type of access from the inside to the outside is allowed; no access originating from the outside to the inside is allowed except for SMTP and HTTP; and the SMTP and HTTP servers are positioned behind the firewall.

An important point is that if the last rule were accidentally skipped, all traffic originating from the outside would be permitted (on a filter whose implicit action when no rule matches is to permit; a filter that defaults to deny fails closed instead, which is the safer design). When the rule set is much longer and more detailed, mistakes can be made that could prove disastrous. The rule set should be examined very carefully before implementation, and regularly thereafter, not only to ensure that the correct protocols are allowed based on business requirements, but also to minimize logical errors when new rules are added. A final note about packet filters: filtering can occur on outbound as well as inbound traffic. An organization could choose to restrict the types of traffic originating from within the organization, such as blocking all outbound FTP traffic. In practice, outbound filtering is often employed on IP addresses and application traffic, for example, to block all users, internal and external, from connecting to certain systems such as the packet filter itself, backup servers, and other sensitive systems.

Figure 5 Rule Set 3

3.2 Advantages of Packet Filters
- They are low cost and have only a small effect on network performance.
- They do not require client computers to be configured in any particular way: filtering is transparent to the client.
- They are application independent and scale well.
- They are fast and flexible, processing packets at very high speeds.
- They can easily match on most fields of the Layer 3 packet and Layer 4 segment headers, giving a lot of flexibility in implementing security policies.

3.3 Disadvantages of Packet Filters
- They are not considered to be very secure on their own because they do not understand application-layer protocols and cannot make content-based decisions about packets.
- Simple packet filters are stateless and do not retain the state of a connection (the stateful variety of Section 2.2 addresses this at the cost of extra complexity).
- Many have very little or no logging capability, which makes it hard to detect whether the network is under attack.
- Testing the permit and deny rules is difficult, which may leave the network vulnerable or incorrectly configured.
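To make the first-match evaluation of Section 3 and the rule discussion of Section 3.1 concrete, here is an added example in Python, written for this page and not taken from the paper. The rule set is assembled from the prose of Section 3.1 (Table 1 itself is not reproduced on the page, so the exact field values, the inside network 201.1.2.0/24, the general form of the anti-spoofing rule and the test packets are assumptions; 198.51.100.9 is a documentation address). It evaluates the same packets three times: in administrator order, with the final deny rule omitted, and after the "more specific addresses first" reordering that Section 3 says some routers impose.

```python
import ipaddress
from collections import namedtuple

# Constructed models (not from the paper). A packet carries the fields listed
# in Section 2.2; a rule carries the same fields as match criteria.
Packet = namedtuple("Packet", "iface proto src sport dst dport")
Rule = namedtuple("Rule", "name iface proto src dst sport dport action")
# iface/proto: None means any. src/dst: ip_network objects.
# sport/dport: None (any), a single port, or an inclusive (low, high) range.

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")
INSIDE_NET = net("201.1.2.0/24")   # assumed: the protected network behind the firewall
USER_PC = net("201.1.2.1/32")      # "a user's PC" of Section 3.1
WEB_SERVER = net("170.1.1.1/32")   # the external host of Section 3.1


def port_matches(spec, port):
    if spec is None:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def rule_matches(rule, pkt):
    return (rule.iface in (None, pkt.iface)
            and rule.proto in (None, pkt.proto)
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and port_matches(rule.sport, pkt.sport)
            and port_matches(rule.dport, pkt.dport))


def decide(rules, pkt, default="permit"):
    """First match wins, in the order given (Section 3). The default applies
    only when no rule matches; it is 'permit' here to reproduce the paper's
    warning that omitting the final deny rule lets everything in."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return default, "no rule matched"


# Rule set assembled from the prose of Section 3.1 (assumed field values).
# The anti-spoofing rule is written in its general form: no packet arriving
# on the outside interface may carry an inside source address.
RULES = [
    Rule("1 deny outside to user PC", "outside", None, ANY, USER_PC, None, None, "deny"),
    Rule("2 anti-spoofing", "outside", None, INSIDE_NET, ANY, None, None, "deny"),
    Rule("3 web replies to user PC", "outside", "tcp", WEB_SERVER, USER_PC, 80, (1024, 65535), "permit"),
    Rule("4 inside to anywhere", "inside", None, ANY, ANY, None, None, "permit"),
    Rule("5 inbound SMTP", "outside", "tcp", ANY, ANY, None, 25, "permit"),
    Rule("6 inbound HTTP", "outside", "tcp", ANY, ANY, None, 80, "permit"),
    Rule("7 deny everything else", None, None, ANY, ANY, None, None, "deny"),
]

# Constructed test packets; 198.51.100.9 is a documentation address.
PACKETS = {
    "web_reply":    Packet("outside", "tcp", "170.1.1.1", 80, "201.1.2.1", 10000),
    "spoofed":      Packet("outside", "tcp", "201.1.2.5", 4444, "201.1.2.20", 25),
    "inbound_smtp": Packet("outside", "tcp", "198.51.100.9", 40000, "201.1.2.20", 25),
    "inbound_ssh":  Packet("outside", "tcp", "198.51.100.9", 40001, "201.1.2.20", 22),
    "outbound_ftp": Packet("inside", "tcp", "201.1.2.1", 40002, "198.51.100.9", 21),
}


def evaluate(rules):
    """Decision and matching rule name for every packet in PACKETS."""
    return {name: decide(rules, pkt) for name, pkt in PACKETS.items()}


def most_specific_first(rules):
    """The reordering some routers impose (Section 3): rules naming more
    specific addresses are applied before rules naming larger networks.
    sorted() is stable, so rules of equal specificity keep their order."""
    return sorted(rules, key=lambda r: (r.dst.prefixlen, r.src.prefixlen), reverse=True)


if __name__ == "__main__":
    for label, rules in [("administrator order", RULES),
                         ("without final deny", RULES[:-1]),
                         ("most specific first", most_specific_first(RULES))]:
        print(label)
        for name, (action, why) in evaluate(rules).items():
            print(f"  {name:13} {action:6} by {why}")
```

In administrator order the reply from 170.1.1.1 is dropped by rule 1 before rule 3 is ever consulted: rule 3 is shadowed, which is the kind of defect the careful review of a rule set recommended in Section 3.1 is meant to catch. The router-style reordering silently changes that outcome, which is why the paper prefers filters that apply rules in the order the administrator wrote them. Dropping rule 7 turns the unmatched SSH packet into a permit, exactly the failure Section 3.1 warns about on a filter whose default is permit.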

Figure 3 Rule Set 1

Figure 4 Rule Set 2

4. Conclusion
A firewall is a security guard placed at the point of entry between a private network and the outside Internet such that all incoming and outgoing packets have to pass through it. In this paper the packet filtering firewall has been discussed: how a rule set is defined for a packet filtering firewall, how the rules work, and what the advantages and disadvantages of packet filtering firewalls are.

References:
[1] M. Bishop, Early computer security papers, part 1, http://csrc.nist.gov/publications/history/index.html, 1998.
[2] M. G. Gouda and A. X. Liu, Structured firewall design, Computer Networks 51 (2007) 1106-1120.
[3] M. Curtin, Introduction to Network Security, March 1997.
[4] Firewall Architecture: Understanding the purpose of a firewall when connecting to ADSL network services, A Nextep Broadband White Paper, June 2001.



AUTHOR
Mr. Amit Bhanot holds an MBA and the RHCE, CCNA, MCSE and MCITP certifications. He is presently working as a Network Administrator at Radical Technical Institute, Amritsar, and has more than six years of experience. Dr. Leena Jain holds an MCA and a Ph.D. She has 30 papers published in national and international journals and one textbook to her credit. She is presently working as Head of the Department of MCA, Global Institute of Management and Emerging Technologies, Amritsar, and has more than eight years of experience in academia.


