- TCP/IP Primer: How Packet Filtering Works
- TCP and UDP Ports
- TCP's Three-way Handshake
- The Cisco Router as a Packet Filter
- An Alternative Packet Filter: IPChains
- The Cisco ACL
- Effective Uses of Packet-Filtering Devices
- Egress Filtering
- Tracking Rejected Traffic
- Problems with Packet Filters
- Dynamic Packet Filtering and the Reflexive Access List
Throughout this chapter, we've discussed the many ways that packet filtering can be used as a means to secure the perimeter. We discussed the positive and negative points of using a packet filter as the means to control traffic flow based on address and port, and the weaknesses of the packet-filtering technology. We also discussed the improvement of packet-filtering technology through the use of dynamic packet filters.
Despite weaknesses in the packet filter's capability to track information and understand what it is tracking, it still has many uses that can make it a valuable part of your perimeter defense. Filters can be utilized to screen out unwanted traffic at the perimeter, to prevent possibly dangerous traffic from leaving your network, and even to tailor incoming traffic that is allowed.
Packet filters can be used in conjunction with other firewalls as a layer of an intricate defense-in-depth posture or as a standalone solution in lower-risk areas or where budgets are tight. After all, protection of information is a balancing act between the value of the data and the cost to protect it.
Packet-filtering technology can be a useful means to protect your network as long as you implement it with due consideration to its strengths and weaknesses.