Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Network Security by Filtering

Filtering allows network administrators to control which packets are permitted or denied in or out of a network. Filtering can be used for traffic shaping, which is used to control how much bandwidth can be used in specific parts of a network. Traffic to nonessential parts of a network can be denied to ensure that there is adequate bandwidth for mission critical parts of a network.

Filtering is more often used to provide security for a network. Used for security, filtering can deny access to parts or all of a local network by outside networks, or it can deny some or all hosts on a local network access to parts or all of an external network such as the Internet.

Filtering can be provided by several different network devices including firewalls, proxy servers, routers, and individual host computers. These devices provide access control by using an access control list (ACL). When a packet arrives at a filtering device, the device extracts information from the packet header and based upon rules are in it's ACLs decides whether the packet should be allowed to pass or should be dropped.

Filtering is more often done by an OSI layer 3 device called a router, but it can be also be done at other layers, and even at the individual host computer by a system administrator or the owner of the object by setting user or group access privileges to the object.

MAC Filtering

A MAC address is a unique 48-bit address assigned to each network card or circuit by the manufacturer. MAC Filtering can be used to restrict access to a specific device on a network. MAC filtering is done at OSI layer 2, the data link layer of the OSI model.

NETGEAR FS108 8-Port Switch

A switch is a multi-port device that works at layer 2 of the OSI model. A switch keeps a table of what MAC addresses are connected to each of its ports. Access to a specific device on a network can be done using a MAC ACL.

TCP/IP Filtering

IP filtering operates by filtering packets based on information in their IP headers. It may filter by source IP address, destination IP address, type of service (TOS), Time-to-live (TTL), Protocol, or other field in the IP header.

IP filtering may done at OSI layer 2 by a network switch, or more commonly at layer 3 by a router. Access to a specific IP address on a network can be denied using a IP ACL.

Port Filtering

A computer or network device on a TCP/IP network can be accessed by the devices IP address and a port number. Together, the IP address and the port number make up a socket. Access to a specific application or service on a network device can be denied using its port number.

For example, Hypertext Transfer Protocol (HTTP) uses port number 80 by default. Telnet uses port number 23 by default. Simple Mail Transfer Protocol (SMTP) uses port number 25 by default. Port filtering is most commonly done at OSI Layer 3 by a router. Access to a specific port at an IP address on a network can be denied using a IP ACL.

More Network Security Articles:
• Remote Access Authentication Protocols
• Network Security Across the Enterprise
• The Role of Security Penetration Testers
• Avoid Hacks by Rogue Wireless Devices
• Types of Computer Security Threats
• Digital Signatures and Certificates
• ARP, MAC, Poisoning, and WiFi Security
• Designing Physical Network Security
• Firewall Rules
• How to Tell if Someone is Lurking on Your Wireless Network

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268