Network Security by Filtering
By Stephen Bucaro
Filtering allows network administrators to control which packets are permitted or
denied in or out of a network. Filtering can be used for traffic shaping, which
controls how much bandwidth can be used in specific parts of a network. Traffic to
nonessential parts of a network can be denied to ensure that there is adequate
bandwidth for mission-critical parts of a network.
Filtering is more often used to provide security for a network. Used for
security, filtering can deny access to parts or all of a local network by outside
networks, or it can deny some or all hosts on a local network access to parts or
all of an external network such as the Internet.
Filtering can be provided by several different network devices, including firewalls,
proxy servers, routers, and individual host computers. These devices provide access
control by using an access control list (ACL). When a packet arrives at a
filtering device, the device extracts information from the packet header and, based
on the rules in its ACLs, decides whether the packet should be allowed to pass or
should be dropped.
Filtering is more often done by an OSI layer 3 device called a router, but it can
also be done at other layers, and even on an individual host computer, where a system
administrator or the owner of an object sets user or group access privileges on
that object.
A MAC address is a unique 48-bit address assigned to each network card or circuit
by the manufacturer. MAC filtering can be used to restrict access to a specific device
on a network. MAC filtering is done at OSI layer 2, the data link layer of the OSI model.
A switch is a multi-port device that works at layer 2 of the OSI model. A switch
keeps a table of which MAC addresses are connected to each of its ports. Access to
a specific device on a network can be controlled using a MAC ACL.
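The following is an added example (not code from the article) of the kind of MAC ACL a switch keeps: a per-port list of permitted source MAC addresses, with a default deny for any frame whose source is not listed. The port names, MAC addresses and sample frames are constructed for the example; the normalizer accepts the three spellings of a 48-bit MAC address that commonly appear in device configurations (colon, hyphen and Cisco dotted form) so that a list entry written one way still matches a frame logged another way.

```python
"""Toy layer-2 MAC ACL: permitted source MACs per switch port, default deny.

Added example, not code from the article. Port names and MAC addresses
are constructed sample data.
"""
import re
from typing import Dict, List, Set, Tuple


def normalize_mac(mac: str) -> str:
    """Return a MAC as lower-case 'xx:xx:xx:xx:xx:xx'.

    Accepts 00:1A:2B:3C:4D:5E, 00-1a-2b-3c-4d-5e and the Cisco dotted
    form 001a.2b3c.4d5e. Anything that does not contain exactly 48 bits
    (12 hex digits) is rejected, so a malformed entry cannot match anything.
    """
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


class MacAcl:
    """Per-port allow list, as a switch applies to the source MAC of each frame."""

    def __init__(self) -> None:
        self.allowed: Dict[str, Set[str]] = {}   # port name -> permitted MACs

    def permit(self, port: str, mac: str) -> None:
        self.allowed.setdefault(port, set()).add(normalize_mac(mac))

    def check_frame(self, port: str, src_mac: str) -> str:
        """'permit' if src_mac is listed for this port, otherwise 'deny'.

        A port with no entries at all denies everything: the list is an
        allow list, so absence of a rule is a deny, not a permit.
        """
        if normalize_mac(src_mac) in self.allowed.get(port, set()):
            return "permit"
        return "deny"


def build_mac_acl() -> MacAcl:
    # Hypothetical policy: one device is registered on each access port.
    acl = MacAcl()
    acl.permit("Gi0/1", "00:1A:2B:3C:4D:5E")   # printer on port 1
    acl.permit("Gi0/2", "00-1a-2b-3c-4d-5f")   # workstation on port 2
    return acl


# Constructed sample frames as (ingress port, source MAC).
SAMPLE_FRAMES: List[Tuple[str, str]] = [
    ("Gi0/1", "00:1a:2b:3c:4d:5e"),   # the registered printer on its own port
    ("Gi0/1", "00:1a:2b:3c:4d:5f"),   # the workstation moved to the printer's port
    ("Gi0/2", "001a.2b3c.4d5f"),      # workstation, logged in Cisco dotted form
    ("Gi0/3", "00:1a:2b:3c:4d:5e"),   # port with no entries: default deny
]


def filter_frames(acl: MacAcl, frames) -> List[Tuple[str, str, str]]:
    """Evaluate each frame and return (port, normalized MAC, decision)."""
    return [(port, normalize_mac(mac), acl.check_frame(port, mac)) for port, mac in frames]


if __name__ == "__main__":
    for port, mac, decision in filter_frames(build_mac_acl(), SAMPLE_FRAMES):
        print(f"{decision:6s}  port={port}  src={mac}")
```

Two points the example makes that the text only implies: the decision is taken per port, so the same MAC is permitted on one port and denied on another, and a port that simply has no entries denies everything. Because the source MAC is a value the sending station reports rather than something the switch verifies, a MAC ACL identifies a device but does not authenticate it; it is a useful layer 2 control, not a substitute for one that does.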
IP filtering operates by filtering packets based on information in their IP headers.
It may filter by source IP address, destination IP address, type of service (TOS),
time-to-live (TTL), protocol, or another field in the IP header.
IP filtering may be done at OSI layer 2 by a network switch, or more commonly
at layer 3 by a router. Access to a specific IP address on a network can be denied
using an IP ACL.
A computer or network device on a TCP/IP network can be accessed by the device's IP
address and a port number. Together, the IP address and the port number make up
a socket. Access to a specific application or service on a network device can
be denied using its port number.
For example, Hypertext Transfer Protocol (HTTP) uses port number 80 by default. Telnet
uses port number 23 by default. Simple Mail Transfer Protocol (SMTP) uses port number
25 by default. Port filtering is most commonly done at OSI layer 3 by a router. Access
to a specific port at an IP address on a network can be denied using an IP ACL.
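To show how a router's IP ACL turns the header fields named above (source and destination address, protocol, destination port) into a permit-or-drop decision, here is an added example that is not code from the article. The rule syntax is a simplified, Cisco-like form invented for this example, the policy and the addresses (RFC 5737 documentation ranges) are constructed, and the ACL is evaluated first-match with the implicit deny that real ACLs end in. The sample traffic includes HTTP to a web server, a Telnet attempt, and SMTP from the local network, the three services the text uses as examples.

```python
"""A first-match IP/port ACL of the kind a router applies to each packet.

Added example, not code from the article. The rule syntax is a simplified,
Cisco-like form invented for this example:

    permit|deny <proto|any> <src-cidr|any> <dst-cidr|any> [eq <dst-port>]

All addresses come from the RFC 5737 documentation ranges (constructed data).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The header fields the filter inspects; everything else is ignored."""
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                              # "permit" or "deny"
    proto: str                               # protocol name or "any"
    src: Optional[ipaddress.IPv4Network]     # None means "any"
    dst: Optional[ipaddress.IPv4Network]     # None means "any"
    dport: Optional[int]                     # None means "any port"


def _network(token: str) -> Optional[ipaddress.IPv4Network]:
    return None if token == "any" else ipaddress.ip_network(token, strict=False)


def parse_rule(text: str) -> Rule:
    """Parse one rule line. Malformed input raises rather than being skipped,
    so a typo in a rule never silently changes what the ACL permits."""
    parts = text.split()
    if len(parts) not in (4, 6):
        raise ValueError(f"malformed rule: {text!r}")
    action, proto, src, dst = parts[:4]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in rule: {text!r}")
    dport = None
    if len(parts) == 6:
        if parts[4] != "eq":
            raise ValueError(f"expected 'eq <port>' in rule: {text!r}")
        dport = int(parts[5])
    return Rule(action, proto, _network(src), _network(dst), dport)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field the rule constrains agrees with the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule is dropped."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"   # the implicit deny at the end of every ACL


def build_ip_acl() -> List[Rule]:
    # Hypothetical policy: 192.0.2.0/24 is the local LAN, 192.0.2.10 its web server.
    return [parse_rule(r) for r in (
        "permit tcp any 192.0.2.10/32 eq 80",     # anyone may reach the web server on HTTP
        "permit tcp 192.0.2.0/24 any eq 25",      # local hosts may send mail on SMTP
        "deny tcp any any eq 23",                 # Telnet is refused in every direction
        "permit icmp 192.0.2.0/24 192.0.2.0/24",  # ICMP only within the LAN
    )]


# Constructed sample traffic as (description, packet).
SAMPLE_PACKETS: List[Tuple[str, Packet]] = [
    ("outside -> web server, HTTP",   Packet("203.0.113.5", "192.0.2.10", "tcp", 80)),
    ("outside -> web server, Telnet", Packet("203.0.113.5", "192.0.2.10", "tcp", 23)),
    ("outside -> web server, SSH",    Packet("203.0.113.5", "192.0.2.10", "tcp", 22)),
    ("LAN host -> mail relay, SMTP",  Packet("192.0.2.7", "198.51.100.9", "tcp", 25)),
    ("LAN host -> web server, ICMP",  Packet("192.0.2.7", "192.0.2.10", "icmp")),
    ("outside -> web server, ICMP",   Packet("203.0.113.5", "192.0.2.10", "icmp")),
]


def filter_packets(acl: List[Rule], packets) -> List[Tuple[str, str]]:
    """Run every sample packet through the ACL and return (description, decision)."""
    return [(desc, evaluate(acl, pkt)) for desc, pkt in packets]


if __name__ == "__main__":
    for desc, decision in filter_packets(build_ip_acl(), SAMPLE_PACKETS):
        print(f"{decision:6s}  {desc}")
```

Note that the SSH attempt is dropped without any rule naming port 22: the implicit deny is doing the work, which is why the usual result of a mistaken ACL edit is a lockout rather than an exposure. Rule order matters for the same reason; a `deny` placed after a broader `permit` that already matches the traffic is never reached. The filter is also stateless, looking at each packet in isolation, so it has no notion of which packets belong to a connection the local network opened; stateful firewalls add that on top of this matching logic.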