Packet Filtering Firewalls: How They Work and When to Use Them
09:09, 17.06.2026
Most businesses nowadays prioritize network security, and among all security aspects, the most impactful one is access control. Lots of companies use firewalls to help filter traffic, and that is obviously beneficial.
There are various types of firewalls, and here we will share important information regarding packet filtering ones. If you want to know more about this specific technology, we will help you understand its functioning and share some comparisons with other security options.
Understanding Packet Filtering Mechanisms
Packet filtering is a firewall technology that protects against external intrusions. It works by monitoring traffic, applying specific rules to the data packets, and allowing or rejecting traffic accordingly.
Packet filters evaluate data divided into packets at the network edge. These data containers are relatively small, which helps with efficient transmission and fault tolerance. Packets have two major components:
- Headers. They include information regarding the destination, origin, and identity of the packets. With such information, it is possible to transport information wherever it is needed.
- Payloads. This is information that should be transmitted. Such data cannot be analyzed with the filters.
With the help of a packet filter firewall, it is possible to analyze whether specific packets should enter the network. To do this, the header of the packet is checked according to:
- Destination/source address of outbound/inbound packets.
- IPs of packets.
- Header flags.
- The transfer protocol in use, which is usually TCP, UDP, or ICMP.
- NIC interface.
All this information is checked by the firewall against the access control lists and predefined rules. If the rules are met, transmission continues; if not, the packet is denied.
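The header check described above, as an added example that is not part of the original article: a minimal stateless filter that reads the protocol, addresses and destination port from raw IPv4 bytes and walks an ordered ACL. The rule layout, the first-match and default-deny behaviour, the documentation-range addresses and the `build_packet` helper are assumptions made for illustration.

```python
import ipaddress
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
# Constructed ACL, checked top to bottom: (action, protocol, source, destination, dst port)
ACL = [
    ("deny", "any", "203.0.113.0/24", "0.0.0.0/0", None),
    ("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    ("allow", "icmp", "198.51.100.0/24", "192.0.2.0/24", None),
]

def parse_headers(packet):
    """Read only the header fields the filter uses; the payload is never touched."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    hdr = {"proto": PROTO.get(packet[9], "other"), "dport": None,
           "src": ipaddress.ip_address(packet[12:16]),
           "dst": ipaddress.ip_address(packet[16:20])}
    if hdr["proto"] in ("tcp", "udp"):
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        hdr["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return hdr

def decide(packet, acl=ACL):
    """First matching rule wins; malformed packets and no match mean deny."""
    try:
        hdr = parse_headers(packet)
    except ValueError:
        return "deny"
    for action, proto, src, dst, dport in acl:
        if (proto in ("any", hdr["proto"])
                and hdr["src"] in ipaddress.ip_network(src)
                and hdr["dst"] in ipaddress.ip_network(dst)
                and dport in (None, hdr["dport"])):
            return action
    return "deny"

def build_packet(proto, src, dst, dport=0, payload=b""):
    """Constructed sample input: minimal IPv4 header plus a TCP/UDP-sized stub."""
    l4 = b"" if proto == 1 else struct.pack("!HH", 40000, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + l4 + payload
```

Two packets with identical headers and different payloads get the same verdict from `decide`, which is the payload blindness the list above describes.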
Essential Features of Packet Filtering Firewalls
- Function on individual packets of data.
- Rules are applied to the information entering the networks.
- Deep inspections aren’t done.
- External packet information is used.
- The filters don’t remember previous information, so each packet is assessed on its own.
Common Applications of Packet Filtering
The main usage of packet filtering relates to network security. All the devices, apps, and information are protected from various external threats. By detecting unusual activity and denying its entry, it is possible to exclude lots of risks, including data breaches and malware payloads.
Packet filters function on a much more superficial level than the newest firewall types. However, this can be an advantage in some cases. For instance, this approach is much faster, which helps in situations when security isn’t the major priority.
With this technology, it is possible to use IP allow lists to monitor the traffic activity. Also, to simplify the process, even more authenticated IPs can be added to the ACL. By doing so, only authorized users will have access to the necessary information, and others won’t.
Categories of Packet Filtering Firewalls
To get a better understanding of packet filtering, let’s review some categories of these firewalls.
Static Packet Filtering Firewalls
Static packet filtering keeps using the same set of rules until changes are made. Besides the rules that can be changed by the administrator, network connections can also be regulated by the experts.
Such types of firewalls can be configured in various ways by managing ports, determining specific rules, and using access control lists.
Static filters are extremely beneficial because of the simplicity of usage and installation process. The main limitation relates to the configurations and the necessity to update settings. There are almost no automated features, so a small organization will benefit from them, whereas a huge business usually requires more scalable settings.
Dynamic Packet Filtering Firewalls
Dynamic firewalls can change their initial configuration according to changes in the security environment. For instance, the firewalls can be configured in such a way that ports will be closed/opened during a specific period.
To minimize the huge admin workload, this type of firewall can help with the automation of some settings. The security control in the dynamic environment can be either relaxed or intensified depending on the circumstances.
Stateless Packet Filtering Firewalls
The stateless type of packet filtering works by analyzing each packet individually. Information about the state of packets is not stored, so the predefined rules are applied to guarantee security standards.
Stateless firewalls work by means of ACLs, which hold information about the destination/source ports and IP addresses.
Stateful Packet Filtering Systems
This is a more advanced system that evaluates the state of packets prior to allowing/denying access. Such a packet filtering system stores data about every access request for most transfer protocols, specifically for UDP and TCP. With time, it is possible to get detailed profiles about the users, so the detection of suspicious activity will be easier.
Generally, these options guarantee better security by tracking suspicious IPs. However, at the same time, this system is more vulnerable to DDoS attacks because of the data-gathering features.
Drawbacks of Packet Filtering Firewalls
Packet filtering technology appeared in the 1980s, and since then, lots of innovations in this sphere have appeared. Lots of experts agree that such an approach might be considered too dated, so here we will share a couple of drawbacks that come with this technology.
1. Limited Security Capabilities
The security issues with this technology arise because access decisions are made on the basis of superficial information such as port number, IP, and protocol data. Information about app usage or the user’s device is not considered.
Moreover, the filtering is made only regarding the packet exterior. In case there is suspicious code in the payloads, it won’t be properly filtered and will enter the network.
The stateless type is considered to be the most vulnerable type of firewall. Because every access is processed separately, hackers have more options for attacks. When there is an attempt to mount attacks, the firewall doesn’t store any data regarding this process.
2. Basic Data Logging Functions
This technology logs very basic information regarding the network traffic, and that can directly impact the compliance issues. Standards regarding data regulations are becoming stricter, and sometimes it is almost impossible to show evidence of integrity with packet filtering.
The standard security level is also impacted by the absence of logging, because there is no information regarding access requests. IT experts can have issues with identifying suspicious activity, and that can provoke huge vulnerabilities.
3. Restricted Flexibility
Packet filters have some limitations in terms of the offered flexibility of the network access. They offer filtering according to the port numbers or IP addresses. This is an extremely minimal offer when compared with other access management options.
Modern firewalls can automatically adapt to some circumstances and offer lots of features. While packet filtering firewalls offer access to the manual setup rules, there is no packet inspection, and threat management is not automated.
4. Unsuitability for Large-Scale Organizations
When this technology is used by small companies, it is very simple and lightweight, whereas a huge corporation can make this system very heavy.
There are lots of tasks that should be managed manually, and there is no automation in the process of rule updates. This can lead to human error and a bigger workload.
5. Over-Reliance on Trust
Because this technology does not check the payloads, hackers can access the system while disguised as trusted users.
One more risk is that this technology doesn’t log historical data. There won’t be any records about trusted and untrusted users, because such firewalls mainly rely on ACLs. In addition to this, such a list can be out of date.
Comparing Packet Filtering Firewalls and Proxies
Proxies and packet filtering firewalls might be considered as alternatives, because they protect the network edge by monitoring the traffic activity. However, they function a little bit differently.
A proxy server differs from packet filtering because it anonymizes traffic. This process hides the IPs, so it becomes much harder to inspect traffic from the outside. Moreover, such a server stores cache data. That means previously accessed sites will be accessed faster.
Some proxies might be used as a gateway and monitor entry to certain apps. Specific volumes of traffic can be excluded from the services. Also, the outgoing network data can be monitored.
Nevertheless, proxy servers don’t offer filtering capabilities or packet inspection. That’s why the maximum result can be achieved by combining a firewall with proxy servers.
Packet Filtering vs. Stateful Firewalls
Packet filtering firewalls are considered to be stateless, because the information about the state of a packet isn’t included. State is the interaction between data packets and servers or protocols. State information tracks the process when information passes to/from local networks. All the information about the destination and data origin is collected by stateful firewalls. Moreover, these firewalls can also collect payload information.
Also, stateful firewalls gather information about all the past data transfers, so that a record of every request is created. That means the system can make more informed decisions regarding denying and allowing.
Because stateful firewalls gather way more information than packet filters, costs are affected. That means packet filtering places fewer demands on resources and is way faster.
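The difference between the stateless and stateful categories described earlier and compared in this section, as an added example that is not part of the original article: a static rule judges each packet alone, while a connection table admits inbound packets only as replies to flows opened from inside. The field names, the timeout and table-size values, and the sample addresses are assumptions made for illustration.

```python
# Constructed example: packets are dicts of already-parsed header fields.
IDLE_TIMEOUT = 30  # seconds an entry survives without traffic (assumed value)
MAX_ENTRIES = 4    # table bound: every tracked flow costs memory (assumed value)

def stateless_allow(pkt):
    """Static rule: admit inbound TCP whose source port is 443, judged per packet."""
    return pkt["dir"] == "in" and pkt["proto"] == "tcp" and pkt["sport"] == 443

class StatefulFilter:
    def __init__(self):
        self.table = {}  # flow key -> time the last packet was seen

    def allow(self, pkt, now):
        # Drop entries that have been idle for too long before deciding.
        self.table = {k: t for k, t in self.table.items() if now - t <= IDLE_TIMEOUT}
        if pkt["dir"] == "out":
            key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            if key not in self.table and len(self.table) >= MAX_ENTRIES:
                return False  # table full: refuse new flows rather than grow
            self.table[key] = now
            return True
        # Inbound: admit only replies to a flow an inside host opened.
        key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if key in self.table:
            self.table[key] = now
            return True
        return False

def make_pkt(direction, src, sport, dst, dport, proto="tcp"):
    return {"dir": direction, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport}

def demo():
    fw = StatefulFilter()
    request = make_pkt("out", "10.0.0.5", 50000, "198.51.100.7", 443)
    reply = make_pkt("in", "198.51.100.7", 443, "10.0.0.5", 50000)
    unsolicited = make_pkt("in", "198.51.100.99", 443, "10.0.0.8", 40000)
    return {
        "stateless_reply": stateless_allow(reply),
        "stateless_unsolicited": stateless_allow(unsolicited),
        "stateful_request": fw.allow(request, now=0),
        "stateful_reply": fw.allow(reply, now=1),
        "stateful_unsolicited": fw.allow(unsolicited, now=2),
        "stateful_reply_after_idle": fw.allow(reply, now=100),
    }
```

The bounded table and idle timeout show where the extra resource cost of state tracking comes from and how it is kept in check.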
Final Thoughts: Recognizing the Strengths and Weaknesses of Packet Filtering Firewalls
The usage of the right firewall can be a crucial decision that will help to exclude lots of online risks. Packet filtering is one of the options that monitors the packet data and applies specific rules. This type of firewall has lots of pluses, but also a couple of limitations.
Such limitations impact the popularity of packet filtering. However, despite some drawbacks, it is still a good choice when speed is an essential criterion.