A "packet" is a formatted block of information carried by a computer network. Packet filtering examines such blocks for certain characteristics and is used to allow only legitimate traffic to enter or leave a network. Firewalls use packet filtering to decide whether a connection should be allowed or not.
Packet filtering can be done in many ways. At the most basic level, IP addresses can be checked in order to allow only traffic from or to trusted addresses. This helps prevent IP spoofing. Another method is to check the port number that an application uses on the computer and allow only documented ports to communicate. At the most complex level, the contents of the traffic are inspected to find out what is being transmitted.
Packet filtering is typically used as the first line of defense in almost all network equipment. Depending on the resources available, packet filtering may be performed only on the first packets received from a connection to ensure legitimacy, after which remaining packets are allowed to pass unobstructed. This saves a lot of overhead. In extreme cases, every packet may be inspected. This involves a very large computing overhead and typically requires dedicated equipment.
Due to the nature of their activity, devices running packet filters are susceptible to denial of service attacks. Since a filter checks packets, many packets sent simultaneously to the filter can rapidly overwhelm it. This can have one of two consequences. The equipment either "fails closed," which means it cuts off the connection and disrupts network connectivity, or "fails open," which means it allows all the packets, leaving other systems in the network open to attack.
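The sketch below is an added example, not part of the original article. It combines the address and port checks, the first-packet-only inspection, and the two overload behaviours described above. The class and field names are hypothetical, the packets are constructed sample data, and overload is modelled (as an assumption) by a connection table that has reached its capacity.

```python
import ipaddress
from collections import namedtuple

# Constructed packet model: only the header fields this filter inspects.
Packet = namedtuple("Packet", "src dst sport dport")

class PacketFilter:
    def __init__(self, trusted_nets, allowed_ports, max_flows, fail_open=False):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_nets]
        self.ports = set(allowed_ports)
        self.max_flows = max_flows   # capacity of the connection table
        self.fail_open = fail_open   # what to do once that capacity is reached
        self.flows = set()           # connections that already passed the rules

    def _rules_allow(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        return pkt.dport in self.ports and any(src in n for n in self.trusted)

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.flows:
            return "pass"            # later packets of a vetted connection skip the rules
        if len(self.flows) >= self.max_flows:
            # Overloaded: either admit without inspection or refuse everything new.
            return "pass-unchecked" if self.fail_open else "drop-overload"
        if not self._rules_allow(pkt):
            return "drop"
        self.flows.add(key)          # first packet was legitimate, remember the connection
        return "pass"

def demo(fail_open):
    fw = PacketFilter(["10.0.0.0/8"], {443}, max_flows=2, fail_open=fail_open)
    packets = [                      # constructed traffic
        Packet("10.1.2.3", "192.0.2.10", 40000, 443),     # trusted source, allowed port
        Packet("10.1.2.3", "192.0.2.10", 40000, 443),     # same connection again
        Packet("10.1.2.4", "192.0.2.10", 40001, 23),      # port not on the allow list
        Packet("203.0.113.9", "192.0.2.10", 40002, 443),  # untrusted source
        Packet("10.1.2.5", "192.0.2.10", 40003, 443),     # fills the connection table
        Packet("203.0.113.9", "192.0.2.10", 40004, 443),  # untrusted, arrives while full
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print("fail closed:", demo(fail_open=False))
    print("fail open:  ", demo(fail_open=True))
```

In the fail-open run the last packet comes from an untrusted address and is still admitted, which is the exposure the paragraph above describes. In the fail-closed run the same condition refuses every new connection, trusted or not.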
It is therefore important to make sure that correct and optimal rules are set up for checking packets. Packet filters can be either hardware-based (using network devices and hardware firewalls) or software-based, like Norton's Personal Firewall or Windows Firewall. Typically, hardware packet filters are faster and more efficient, but also more expensive.
Though packet filters are widely deployed in organizations, there are some concerns that they can be used to infringe on user privacy, since it may be possible to inspect the contents of the traffic. Most organizations therefore include documentation informing users about their packet filters, and requiring user consent for this purpose.