366 Chapter 6 • Infrastructure Security: Devices and Media
Packet filtering has both benefits and drawbacks. One of the benefits is speed. Since only the header of a packet is examined and a simple table of rules is checked, this technology is very fast. A second benefit is ease of use. The rules for this type of firewall are easy to define, and ports can be opened or closed quickly. In addition, packet-filtering firewalls are transparent to network devices. Packets can pass through a packet-filtering firewall without the sender or receiver of the packet being aware of the extra step. A major bonus of using a packet-filtering firewall is that most current routers support packet filtering.
There are two major drawbacks to packet filtering:
■ A port is either open or closed. With this configuration, there is no way of simply opening a port in the firewall when a specific application needs it and then closing it when the transaction is complete. When a port is open, there is always a hole in the firewall waiting for someone to attack.
■ The second major drawback to packet filtering is that it does not understand the contents of any packet beyond the header. Therefore, if a packet has a valid header, it can contain any payload. This is a common failing point that is easily exploited.
To expand on this, since only the header is examined, packets cannot be filtered by user name, only by IP address. With some network services such as Trivial File Transfer Protocol (TFTP) or the various UNIX “r” commands, this can cause a problem. Since the port for these services is either open or closed for all users, the options are either to restrict system administrators from using the services, or to invite the possibility of any user connecting and using these services. The operation of this firewall technology is illustrated in Figure 6.1.
Referring to Figure 6.1, the sequence of events is as follows:
1. Communication from the client starts by going through the seven layers of
the OSI model.
2. The packet is then transmitted over the physical media to the packet-filtering firewall.
3. The firewall works at the network layer of the OSI model and examines
the header of the packet.
4. If the packet is destined for an allowed port, the packet is sent through the
firewall, over the physical media, and up through the layers of the OSI
model to the destination address and port.
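The following is an added illustration, not code from the book, of the header-only rule check described in the drawbacks above and in step 3 of the Figure 6.1 sequence. It models a stateless packet filter as a first-match rule table (the first-match ordering, the RFC 5737 documentation addresses, the rule table itself and the `user` annotation on each packet are all constructed assumptions for this example). The point it makes is the one the text makes: two packets with identical headers receive the same verdict whether the payload is a well-formed HTTP request or arbitrary bytes, and whether the sender is an administrator or a guest, because neither the payload nor the user is a header field.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless packet filter can see, plus two things it cannot."""
    src_ip: str
    dst_ip: str
    protocol: str          # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""   # never consulted by the filter below
    user: str = ""         # hypothetical annotation of who sent it; not in any IP header


@dataclass(frozen=True)
class Rule:
    """One row of the rule table. None, 'any' and 0.0.0.0/0 act as wildcards."""
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: str = "any"
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        # Only addresses, protocol and port are compared: exactly what a header exposes.
        return (
            ip_address(pkt.src_ip) in ip_network(self.src)
            and ip_address(pkt.dst_ip) in ip_network(self.dst)
            and self.protocol in ("any", pkt.protocol)
            and self.dst_port in (None, pkt.dst_port)
        )


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """Step 3 of the sequence: examine the header and apply the first matching rule (assumed ordering)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule table (RFC 5737 documentation addresses):
#   web server 192.0.2.10 reachable on TCP/80 from anywhere,
#   TFTP server 192.0.2.20 reachable on UDP/69 from the internal /24 only,
#   everything else denied.
RULES = [
    Rule("allow", dst="192.0.2.10/32", protocol="tcp", dst_port=80),
    Rule("allow", src="192.0.2.0/24", dst="192.0.2.20/32", protocol="udp", dst_port=69),
    Rule("deny"),
]


def demo() -> dict:
    """Verdicts showing what the filter can and cannot distinguish (constructed packets)."""
    web_http = Packet("198.51.100.7", "192.0.2.10", "tcp", 80, b"GET / HTTP/1.1\r\n\r\n")
    web_junk = Packet("198.51.100.7", "192.0.2.10", "tcp", 80, b"\x00" * 64)
    ssh = Packet("198.51.100.7", "192.0.2.10", "tcp", 22)
    tftp_admin = Packet("192.0.2.5", "192.0.2.20", "udp", 69, user="admin")
    tftp_guest = Packet("192.0.2.5", "192.0.2.20", "udp", 69, user="guest")
    tftp_outside = Packet("198.51.100.7", "192.0.2.20", "udp", 69, user="admin")
    return {
        "web_http_payload": filter_packet(RULES, web_http),
        "web_arbitrary_payload": filter_packet(RULES, web_junk),  # same verdict: payload not inspected
        "ssh_closed_port": filter_packet(RULES, ssh),
        "tftp_admin_user": filter_packet(RULES, tftp_admin),
        "tftp_guest_user": filter_packet(RULES, tftp_guest),      # same verdict: user not visible
        "tftp_from_outside": filter_packet(RULES, tftp_outside),  # only the source address counts
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} -> {verdict}")
```

Running the block prints one verdict per constructed packet. The two TFTP packets from 192.0.2.5 get the same answer regardless of the `user` annotation, which is the "open or closed for all users" problem the text describes; the only lever a packet filter offers for that service is the source address range in the rule.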
www.syngress.com