Packet Filtering – a means of controlling access to a network. The concept is simple: determine whether a packet is allowed by comparing some basic pieces of information in the packet headers, such as source and destination addresses and ports, against a set of rules. Cisco IOS Access Control Lists (ACLs) are among the most widely used packet filters. IPChains is another popular packet filter, which comes bundled with many versions of Linux.
Two-way communication presents a challenge for network security based on packet filtering. If one blocks all incoming traffic, one prevents responses to outgoing traffic from coming in, disrupting communication. Consequently, one has to open two holes, one for outgoing traffic and one for incoming traffic, without enforcing any association of the incoming traffic with existing outgoing connections in the network. Packet filtering thus can allow in crafted malicious packets that appear to be part of existing sessions, causing damage to protected resources.
Packet filtering devices do not track dynamic protocols, in which a server and a client negotiate a random port for data transmission. Examples of protocols that use dynamic ports include the File Transfer Protocol (FTP), Remote Procedure Call (RPC), and H.323. To enable these applications to pass through packet filtering systems, one has to open a very large hole, significantly reducing the security protection provided by packet-filtering systems. For instance, in order to allow in standard (active-mode) FTP, one must let through any traffic with a destination port greater than 1,023 (1,023 – 65,500) and a source port of 20, thus opening a significant security hole in the network. As a result, many organizations also deploy additional security measures in a layered defense strategy.
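As an added illustration (not code from the original text), the following Python model contrasts the stateless active-FTP rule described above with a connection-tracking filter that learns the expected data connection from the client's outbound PORT command; the hosts, ports and packets are constructed for the demonstration, and the filter classes are hypothetical simplifications of what a stateful firewall does.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str       # "out" = from the protected network, "in" = from outside
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""

def stateless_allow(pkt: Packet) -> bool:
    """Stateless rule from the text: everything out; in only from source port 20 to a port above 1,023."""
    if pkt.direction == "out":
        return True
    return pkt.src_port == 20 and pkt.dst_port > 1023

@dataclass
class StatefulFtpFilter:
    """Admits inbound packets only for connections the inside opened, or for the data flow a PORT command announced."""
    established: set = field(default_factory=set)   # (src_ip, src_port, dst_ip, dst_port) as first seen
    expected: set = field(default_factory=set)      # inbound flows pre-authorised by a PORT command
    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.direction == "out":
            self.established.add(key)
            if pkt.dst_port == 21 and pkt.payload.startswith("PORT "):
                a, b, c, d, p1, p2 = (int(x) for x in pkt.payload[5:].split(","))
                # Active FTP: the server connects from port 20 to the port the client
                # just announced, so pre-authorise exactly that one flow and nothing else.
                self.expected.add((pkt.dst_ip, 20, f"{a}.{b}.{c}.{d}", p1 * 256 + p2))
            return True
        if key in self.expected:              # the announced data connection arrives
            self.expected.discard(key)
            self.established.add(key)
            return True
        reply = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.established or reply in self.established

def demo() -> dict:
    """Constructed scenario: inside client, the FTP server it uses, and an unrelated outside host."""
    client, server, other = "10.0.0.5", "203.0.113.7", "198.51.100.9"
    ctrl = Packet("out", client, 40000, server, 21, "PORT 10,0,0,5,195,80")  # announces port 50000
    data = Packet("in", server, 20, client, 50000)                            # legitimate data connection
    crafted = Packet("in", other, 20, client, 5555)   # fits the stateless rule, belongs to no session
    f = StatefulFtpFilter()
    f.allow(ctrl)
    return {"stateless_data": stateless_allow(data), "stateless_crafted": stateless_allow(crafted),
            "stateful_data": f.allow(data), "stateful_crafted": f.allow(crafted)}
```

The stateless rule admits both the real data connection and the unrelated packet, because it has no notion of a session; the tracking filter admits only the flow the client actually announced.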