A packet-filtering firewall is a type of firewall that filters network traffic to block any packets that carry malicious code or files.
To understand this, here’s some background: Data packets are the primary unit used for transferring data between networks in telecommunications. In addition to content, packets carry sender and receiver information from IP addresses to ports and communication protocols.
In packet filtering, data passes through a network interface or layer that stands between the sender and the network’s internal components. This layer determines whether the packet is blocked or allowed to pass, depending on its content and superficial contact information.
When this process is used in network firewalls, the result is a packet-filtering firewall. Similar to standard firewall solutions, packet-filtering firewalls sit at the outer perimeter of the network and monitor the flow of outgoing and incoming web and network traffic. Each data packet is scanned and checked against a set of security policies and configurations, allowing the software to determine whether to allow or block the communication.
Continue reading to learn about how packet-filtering firewall technology works, its unique features, pros and cons, as well as the best providers on the market.
For more information, also see: Why Firewalls are Important for Network Security
How Packet-Filtering Firewalls Work
Packet-filtering firewalls are responsible for regulating the flow of data entering and exiting the network, all while keeping network security, integrity, and privacy in mind. Most packet-filtering firewalls work by scanning the IP addresses and ports of the packets’ sources and destinations to determine whether they come from a trusted source.
What the firewall considers safe communication depends on pre-set rules and configurations. In some instances, filtering may also include the packet’s communication protocols and contents.
For more information, also see: Data Security Trends
4 Types of Packet-Filtering Firewalls
Packet-filtering is a network security technology that can be employed in several ways, depending on an organization’s accompanying software and system configurations. These methods include static, dynamic, stateless, and stateful.
Static Packet-Filtering Firewalls
Static packet-filtering firewalls require you to manually set up the filtering rules, allowing for more administrative control. That’s especially the case with smaller and low-traffic networks, as static packet-filtering firewalls can manually open or close internal and external network communication on demand.
Dynamic Packet-Filtering Firewalls
On the other end of the spectrum are dynamic packet-filtering firewalls. Instead of forcing you to manually open or close communication ports, this type of firewall can open and close ports automatically during specified periods of time or set time intervals. They are generally more flexible firewall solutions that can be automated to suit the current security needs of your network.
Stateless Packet-Filtering Firewalls
When looking for a packet-filtering firewall alternative that’s both lightweight and capable of handling large volumes of traffic, stateless firewalls are the answer. They do not inspect individual instances of traffic, so they are best suited for networks that strictly communicate with trusted servers. Out of the box, they require some level of configuration to operate properly.
Stateful Packet-Filtering Firewalls
Stateful packet-filtering firewalls focus on individual communications sessions rather than the data being transferred. They continuously track all of the network’s active connections, verify UDP and TCP streams, and recognize incoming and outgoing traffic through the context of IP addresses and ports.
Choosing the right variation of packet-filtering firewall for your network depends on multiple factors, such as the levels of security you require, traffic volume, technical support requirements, and coverage for the most vulnerable aspects of your network.
For more information, also see: How to Secure a Network: 9 Steps
Advantages of Packet-Filtering Firewalls
Independent packet-filtering firewalls work to monitor traffic in the network layer — Layer 3 — of the Open Systems Interconnection (OSI) model. The advantages they offer include transparency, ease-of-use and efficiency.
Packet-filtering firewalls work in the background without interfering with or disturbing the operation of the network. As long as the data flows, you won’t hear from the firewall. It only sends out a notification once a packet has been blocked, along with the reason for the ban.
This makes packet-filtering firewalls user-friendly solutions that don’t demand custom software, specialized user training, or the setup of a dedicated client machine.
Ease-of-Use and Accessibility
Packet-filtering firewalls are some of the easiest firewall solutions to implement and use. Both implementation and setup don’t require intensive knowledge or training. With limited knowledge, these firewalls can be utilized to secure the entirety of your network through the network layer.
Packet-filtering firewalls are some of the most affordable firewalls available. They often come built-in with many router devices. The same efficiencies apply to hardware requirements: they’re lightweight, don’t use up your system’s resources, and can function with a single router device.
When used within small and medium-sized networks, packet-filtering firewalls are helpful for maintaining security on a budget.
One of the leading benefits of packet-filtering firewalls is their high-efficiency processing that doesn’t compromise on speed. Since most packet-filtering firewall technology is basic and doesn’t require a lot of knowledge that’s often required to operate intelligent software, their decision-making time frame is incredibly short.
Furthermore, without an added logging feature, most packet-filtering firewalls don’t regularly keep their filtering information, which saves on data storing time and memory storage space.
On a related topic, also see: Top Cybersecurity Software
Disadvantages of Packet-Filtering Firewalls
While packet-filtering firewalls have their benefits, highly-specific packet-filtering firewalls also have some drawbacks, especially when used as stand-alone solutions. These include less security, inflexibility, and a minimal support protocol.
Comparatively Less Security
When held up against other firewall types, packet-filtering firewalls are some of the least secure. They aren’t intelligent and are unable to protect against complex and zero-day cyber threats.
Their biggest security weak point is they allow all traffic that originates from an authorized port or IP address, making them especially vulnerable to IP spoofing attacks.
Packet-filtering firewalls work in the moment. Most don’t have the necessary intelligence or flexibility needed to consider previous attacks or packet blocks.
You’ll need to manually make changes to the configurations and functionality of the firewall in order to stay up to date on the latest threats.
Lack of Built-in Logging
While the lack of built-in logging capabilities helps with keeping the firewall software fast and lightweight, it also poses difficulties for businesses and network administrators that rely on traffic logging for compliance purposes or for analyzing the state of the network.
Minimal Protocol Support
Packet-filtering firewalls are stateless firewalls that can only handle a set variety of communication protocols. Even with careful configuration, some varieties are still unable to support RPC-based protocols, such as NFS and NIS/YP.
Best Packet-Filtering Firewall Providers
When it comes to picking out the right packet-filtering firewall solution, it’s important to take into consideration the variety of added features and benefits offered by different providers.
A couple of the leading packet-filtering firewall providers include:
Sophos Group is an Abingdon, United Kingdom-based developer and provider of network security software and hardware. It helps corporate clients set up, manage, and secure all aspects of their networks, from encryption and endpoint protection to email security and threat management efforts.
Sophos UTM (Unified Threat Management) is a network security solution that aims to simplify the management and administration of network security packages through a single modular appliance. Aimed at small and medium-sized businesses, it greatly simplifies network and infosec efforts through a centralized system.
Fortinet is a Sunnyvale, California-based developer and vendor of enterprise-grade Next-Generation Firewalls (NGFWs) and network security solutions. It aims to provide tools and solutions to simplify the management and security of IT infrastructures for organizations and corporations.
FortiGate is Fortinet’s NGFW solution that promotes security-driven management and consolidation of networking infrastructure. It employs various security capabilities such as an Intrusion Prevention System (IPS), Secure Socket Layer (SSL) inspection, and advanced filtering to examine the headers and attributes of packets, including their ports and IP addresses.
Bottom Line: Packet-Filtering Firewalls
Packet-filtering firewalls are designed to examine the IP addresses and ports of incoming and outgoing data packets to determine their validity. They’re some of the lightest, most affordable, and easy-to-use firewall solutions available. However, they fall short in the complexity of security they offer as stand-alone solutions.
They come in a variety of types, from stateless and stateful to static and dynamic, and can be purchased or enlisted from a number of trusted cybersecurity software and hardware vendors.
For more information, also see: What is Big Data Security?