SlideShare una empresa de Scribd logo

Network Security through IP Packet Filtering

Descargar como PPTX, PDF
karim baidar
karim baidar
EducaciónTecnología
1 de 8
Network (In)Security Through IP Packet Filtering By : Karim Baidar
Purpose • This paper examines the utility of IP packet filtering as a network security measure. • It describes what packet filters might examine in each packet. • It describes the characteristics of common application protocols as they relate to packet filtering. • This paper identifies and examines problems common to many current packet filtering implementations. • This paper concludes that packet filtering is currently a viable network security mechanism.
How Packet Filtering Works • What packet filters base their decisions on ? • How packet filtering rules are specified ? • A packet filtering example
Packet filtering Cautions • Complexity of packet filtering specifications – The more difficult the rules are to comprehend, the less likely the rules will be correct and complete. • Reliance on accurate IP source addresses • Dangers of IP source routing • Complications due to IP fragmentation
Problems With Current Packet Filtering Implementations • Filters are difficult to configure. • Tabular filtering rule structures are too cumbersome. • Testing and monitoring filters is difficult.
Possible Solutions for Current Packet Filtering Problems • Improve filter specification syntax. • Allow inbound filters as well as outbound filters. – This would allow the administrator to position the router either "inside" or "outside" the filtering "fence“ , as appropriate. – The desired functionality may not even be possible with only outbound filters; the case of a fake internal-to-internal packet showing up on the external interface, can’t be detected in an outbound filter set. • Provide tools for developing, testing, and monitoring filters.
Conclusion • Packet filtering is currently a viable and valuable network security tool, but some simple vendor improvements could have a big impact. • Improvements to filter specification mechanisms could greatly simplify the lives of network administrators trying to use packet filtering capabilities, and increase their confidence that their filters are doing what they think they are.

Recomendados

IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generationIEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEEGLOBALSOFTSTUDENTPROJECTS
 
automatic test packet generation
automatic test packet generationautomatic test packet generation
automatic test packet generation
swathi78
 
Applications of ATPG
Applications of ATPGApplications of ATPG
Applications of ATPG
Ushaswini Chowdary
 
Automatic test packet generation in network
Automatic test packet generation in networkAutomatic test packet generation in network
Automatic test packet generation in network
eSAT Journals
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
NetBeez, Inc.
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
ernestlithur
 
Chapter7ccna
Chapter7ccnaChapter7ccna
Chapter7ccna
ernestlithur
 

Recomendados

IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generationIEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEE 2014 JAVA NETWORKING PROJECTS Automatic test packet generation
IEEEGLOBALSOFTSTUDENTPROJECTS
 
automatic test packet generation
automatic test packet generationautomatic test packet generation
automatic test packet generation
swathi78
 
Applications of ATPG
Applications of ATPGApplications of ATPG
Applications of ATPG
Ushaswini Chowdary
 
Automatic test packet generation in network
Automatic test packet generation in networkAutomatic test packet generation in network
Automatic test packet generation in network
eSAT Journals
 
Distributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeezDistributed Network Monitoring - Interopnet class by NetBeez
Distributed Network Monitoring - Interopnet class by NetBeez
NetBeez, Inc.
 
Firewalls
FirewallsFirewalls
Firewalls
University of Central Punjab
 
Chapter11ccna
Chapter11ccnaChapter11ccna
Chapter11ccna
ernestlithur
 
Chapter7ccna
Chapter7ccnaChapter7ccna
Chapter7ccna
ernestlithur
 
Chapter4ccna
Chapter4ccnaChapter4ccna
Chapter4ccna
ernestlithur
 
Data Center Monitoring
Data Center MonitoringData Center Monitoring
Data Center Monitoring
Invoca
 
Visibility in DevOps
Visibility in DevOpsVisibility in DevOps
Visibility in DevOps
Mick England
 
Safeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring ApproachSafeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring Approach
madelinestack
 
Virtualization Monitoring Challenges
Virtualization Monitoring ChallengesVirtualization Monitoring Challenges
Virtualization Monitoring Challenges
Invoca
 
Public/Private Cooperation on Internet Issues: The Irish Experience
Public/Private Cooperation on Internet Issues: The Irish ExperiencePublic/Private Cooperation on Internet Issues: The Irish Experience
Public/Private Cooperation on Internet Issues: The Irish Experience
Blacknight
 
NetApp Monitoring in Minutes
NetApp Monitoring in MinutesNetApp Monitoring in Minutes
NetApp Monitoring in Minutes
Invoca
 
Compiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di nataleCompiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di natale
Mattia Gandini
 
Are you ready for DevOps?
Are you ready for DevOps?Are you ready for DevOps?
Are you ready for DevOps?
Mick England
 
Ansible 2.2
Ansible 2.2Ansible 2.2
Ansible 2.2
Scott van Kalken
 
CCNA Chapter1
CCNA Chapter1CCNA Chapter1
CCNA Chapter1
Mohammed Ali
 
Network security
Network security Network security
Network security
Vikas Jagtap
 
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic
 
Neural networks...
Neural networks...Neural networks...
Neural networks...
Molly Chugh
 
Firewall
Firewall Firewall
Firewall
Amuthavalli Nachiyar
 
It All Adds Up! Engaging Math Strategies, Web Tools, and Apps
It All Adds Up! Engaging Math Strategies, Web Tools, and AppsIt All Adds Up! Engaging Math Strategies, Web Tools, and Apps
It All Adds Up! Engaging Math Strategies, Web Tools, and Apps
Shelly Sanchez Terrell
 
I Can't Teach That!
I Can't Teach That!I Can't Teach That!
I Can't Teach That!
mrrobbo
 
Firewalls
FirewallsFirewalls
Firewalls
Ram Dutt Shukla
 
Leadership Makes a Difference
Leadership Makes a DifferenceLeadership Makes a Difference
Leadership Makes a Difference
Wiley
 
Myles firewalls
Myles firewallsMyles firewalls
Myles firewalls
Shmulik Avidan
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewall
Mhmud Khraibene
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat Management
Tapas Shome
 

Más contenido relacionado

Destacado

Safeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring ApproachSafeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring Approach
madelinestack
 
Compiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di nataleCompiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di natale
Mattia Gandini
 
Neural networks...
Neural networks...Neural networks...
Neural networks...
Molly Chugh
 

Destacado (19)

Chapter4ccna
Chapter4ccnaChapter4ccna
Chapter4ccna
 
Data Center Monitoring
Data Center MonitoringData Center Monitoring
Data Center Monitoring
 
Visibility in DevOps
Visibility in DevOpsVisibility in DevOps
Visibility in DevOps
 
Safeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring ApproachSafeguard Commercial Success with a Strategic Monitoring Approach
Safeguard Commercial Success with a Strategic Monitoring Approach
 
Virtualization Monitoring Challenges
Virtualization Monitoring ChallengesVirtualization Monitoring Challenges
Virtualization Monitoring Challenges
 
Public/Private Cooperation on Internet Issues: The Irish Experience
Public/Private Cooperation on Internet Issues: The Irish ExperiencePublic/Private Cooperation on Internet Issues: The Irish Experience
Public/Private Cooperation on Internet Issues: The Irish Experience
 
NetApp Monitoring in Minutes
NetApp Monitoring in MinutesNetApp Monitoring in Minutes
NetApp Monitoring in Minutes
 
Compiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di nataleCompiti di matematica per le vacanze di natale
Compiti di matematica per le vacanze di natale
 
Are you ready for DevOps?
Are you ready for DevOps?Are you ready for DevOps?
Are you ready for DevOps?
 
Ansible 2.2
Ansible 2.2Ansible 2.2
Ansible 2.2
 
CCNA Chapter1
CCNA Chapter1CCNA Chapter1
CCNA Chapter1
 
Network security
Network security Network security
Network security
 
Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016Sumo Logic QuickStart Webinar - Dec 2016
Sumo Logic QuickStart Webinar - Dec 2016
 
Neural networks...
Neural networks...Neural networks...
Neural networks...
 
Firewall
Firewall Firewall
Firewall
 
It All Adds Up! Engaging Math Strategies, Web Tools, and Apps
It All Adds Up! Engaging Math Strategies, Web Tools, and AppsIt All Adds Up! Engaging Math Strategies, Web Tools, and Apps
It All Adds Up! Engaging Math Strategies, Web Tools, and Apps
 
I Can't Teach That!
I Can't Teach That!I Can't Teach That!
I Can't Teach That!
 
Firewalls
FirewallsFirewalls
Firewalls
 
Leadership Makes a Difference
Leadership Makes a DifferenceLeadership Makes a Difference
Leadership Makes a Difference
 

Similar a Network Security through IP Packet Filtering

BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
limsh
 

Similar a Network Security through IP Packet Filtering (20)

Myles firewalls
Myles firewallsMyles firewalls
Myles firewalls
 
Linux and firewall
Linux and firewallLinux and firewall
Linux and firewall
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat Management
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
Firewall
FirewallFirewall
Firewall
 
Firewalls.ppt
Firewalls.pptFirewalls.ppt
Firewalls.ppt
 
Firewalls.ppt
Firewalls.pptFirewalls.ppt
Firewalls.ppt
 
Firewalls (1).ppt
Firewalls (1).pptFirewalls (1).ppt
Firewalls (1).ppt
 
Fw.ppt
Fw.pptFw.ppt
Fw.ppt
 
Firewalls.ppt
Firewalls.pptFirewalls.ppt
Firewalls.ppt
 
Firewalls presentation powerpoint powepoint
Firewalls presentation powerpoint powepointFirewalls presentation powerpoint powepoint
Firewalls presentation powerpoint powepoint
 
Firewalls.ppt
Firewalls.pptFirewalls.ppt
Firewalls.ppt
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewalls
 
Unit 5.3_Firewalls (1).ppt
Unit 5.3_Firewalls (1).pptUnit 5.3_Firewalls (1).ppt
Unit 5.3_Firewalls (1).ppt
 
Firewalls.ppt
Firewalls.pptFirewalls.ppt
Firewalls.ppt
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall Design and Implementation
Firewall Design and ImplementationFirewall Design and Implementation
Firewall Design and Implementation
 
Firewall
FirewallFirewall
Firewall
 
Security Framework for the IPv6 Era
Security Framework for the IPv6 EraSecurity Framework for the IPv6 Era
Security Framework for the IPv6 Era
 
5 ways you can strengthen and secure your network infrastructure with Firewal...
5 ways you can strengthen and secure your network infrastructure with Firewal...5 ways you can strengthen and secure your network infrastructure with Firewal...
5 ways you can strengthen and secure your network infrastructure with Firewal...
 

Último

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Último (20)

Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 

Network Security through IP Packet Filtering

  • 1. Network (In)Security Through IP Packet Filtering By : Karim Baidar
  • 2. Purpose • This paper examines the utility of IP packet filtering as a network security measure. • It describes what packet filters might examine in each packet. • It describes the characteristics of common application protocols as they relate to packet filtering. • This paper identifies and examines problems common to many current packet filtering implementations. • This paper concludes that packet filtering is currently a viable network security mechanism.
  • 3. How Packet Filtering Works • What packet filters base their decisions on ? • How packet filtering rules are specified ? • A packet filtering example
  • 4. Packet filtering Cautions • Complexity of packet filtering specifications – The more difficult the rules are to comprehend, the less likely the rules will be correct and complete. • Reliance on accurate IP source addresses • Dangers of IP source routing • Complications due to IP fragmentation
  • 5. Problems With Current Packet Filtering Implementations • Filters are difficult to configure. • Tabular filtering rule structures are too cumbersome. • Testing and monitoring filters is difficult.
  • 6. Possible Solutions for Current Packet Filtering Problems • Improve filter specification syntax. • Allow inbound filters as well as outbound filters. – This would allow the administrator to position the router either "inside" or "outside" the filtering "fence“ , as appropriate. – The desired functionality may not even be possible with only outbound filters; the case of a fake internal-to-internal packet showing up on the external interface, can’t be detected in an outbound filter set. • Provide tools for developing, testing, and monitoring filters.
  • 7.
  • 8. Conclusion • Packet filtering is currently a viable and valuable network security tool, but some simple vendor improvements could have a big impact. • Improvements to filter specification mechanisms could greatly simplify the lives of network administrators trying to use packet filtering capabilities, and increase their confidence that their filters are doing what they think they are.