eBiz Bodyguard

How To Protect Your Online Business


How Does A Firewall Work?

You may want to read the previous post first to get a handle on what packets are. This article will then make more sense for you.

There are two main types of firewall:

  • Packet Web Filter
  • Application Level Gateway

A Packet Web Filter has no knowledge of the existence of sessions, so it deals with each packet individually and independently of any other packets that make up the same session.

The simplest type of packet filter works on the basis of the address information it finds in each packet. It compares this information against its security settings and, like a building security guard, either allows a packet to pass or prevents its entry.

Packet filtering security is primarily limited to two conditions:

1. Granting access based on the IP address of the computer attempting the connection. It can either allow access to all but a few IP addresses, or deny access to all but a few IP addresses. The user sets the addresses it does or doesn’t allow in the security settings.

2. Restricting access based on the Internet service that produced a packet. For example, the packet filter can be set to disallow all Telnet access, but allow the transmission and receipt of email.

These two conditions can be combined to produce specific security conditions. For example, Telnet access can be granted to certain trusted IP addresses.
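The combined rule described above (Telnet only from trusted addresses, email from anyone) can be sketched as follows; this is an added example, not code from the original article. The port numbers, address ranges, first-match ordering and default-deny fallback are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Well-known ports for the two services named in the article.
TELNET, SMTP = 23, 25

@dataclass(frozen=True)
class Packet:
    src: str       # source IP address taken from the packet header
    dst_port: int  # destination port, which identifies the service

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src_net: str              # CIDR block the source address must fall in
    dst_port: Optional[int]   # None matches any service

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return in_net and self.dst_port in (None, pkt.dst_port)

# Constructed rule set (assumed addresses from documentation ranges):
# Telnet only from a trusted block, email from anyone.
RULES = [
    Rule("allow", "192.0.2.0/28", TELNET),  # trusted addresses may use Telnet
    Rule("deny", "0.0.0.0/0", TELNET),      # everyone else may not
    Rule("allow", "0.0.0.0/0", SMTP),       # email is open to all sources
]

def filter_packet(pkt: Packet, rules=RULES, default: str = "deny") -> str:
    """Stateless, first-match check: the packet is judged on its own header
    fields only, with no memory of earlier packets in the same session."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default  # assumed fallback: deny anything no rule mentions

def filter_stream(packets):
    """Apply the filter to each packet independently."""
    return [filter_packet(p) for p in packets]

if __name__ == "__main__":
    sample = [Packet("192.0.2.5", TELNET), Packet("198.51.100.7", TELNET),
              Packet("198.51.100.7", SMTP), Packet("198.51.100.7", 80)]
    for pkt, verdict in zip(sample, filter_stream(sample)):
        print(pkt, "->", verdict)
```

Passing `default="allow"` with only deny rules gives the other mode the article mentions, allowing access to all but a few addresses.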

Packet filtering is easy to set up and install, and it’s also fast. However, it can’t detect or prevent attacks that use the software applications on your computer, and it doesn’t hide your computer from everyone else on the Internet.

The Application Level Gateway is fully aware of the existence of sessions and processes each packet in full knowledge of the session that the packet is associated with.

It doesn’t just ‘filter’ packets and sessions, but acts as a gateway between your computer and the Internet. Packets that pass its security check are unpacked and then repacked before being allowed to proceed. It’s like a customs officer checking your bags at an airport. It strips the address information from each packet and replaces it with its own. The packets now appear to have been produced by the gateway itself.

It does this to hide the real originator of the packet, your computer, from the destination computer. In this way, your computer becomes invisible to all other computers on the Internet. This provides an additional level of security to that achieved by packet filtering alone. It’s very difficult to hack a computer that doesn’t exist!

The gateway may also incorporate application level filtering. There are known security weaknesses in several Internet applications that you may use on your computer. Any packet the gateway receives that tries to exploit one of these is denied access.
