Packet Filtering and Stateful Firewalls
Avishai Wool, Tel Aviv University, Israel
Limitations of Basic Packet Filtering
Advantages of Stateful Filtering
Limitations of Stateful Filtering
Which Configuration Errors to Count?
Complexity Matters: Small Is Beautiful
Why Use Direction-Based Filtering?
Usability Problems with Direction-Based Filtering
INTRODUCTION
The Internet is like a system of roads that transport packets of data from one computer network to another, using the transmission control protocol/Internet protocol (TCP/IP) suite. However, not all IP traffic is welcome everywhere. Most organizations need to control the traffic that crosses into and out of their networks: to prevent attacks against their computer systems, to prevent attacks originating from their network against other organizations, to prevent attacks originating from inside the organization against other parts of the organization (the insider threat, e.g., an employee in finance trying to get into the human resources department network), and to conform with various policy choices. The firewall is the primary control ...
Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.