Article | REF: TE7550 V2

Firewalls. The pocketknife for enforcing computer security

Author: Maryline LAURENT

Publication date: October 10, 2017, Review date: January 3, 2024 | Lire en français

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Automatically translated using artificial intelligence technology (Note that only the original version is binding) > find out more.

A | A

5. Stateful and stateless packet filtering

A packet filter is a multi-port system placed between two networks and responsible for filtering IP packets using filtering rules. The filtering rules implemented in packet filters are commonly referred to as ACLs, for Access Control List.

Filtering is based on the information usually found in the header of IP and TCP packets [7] :

protocol numbers ;
source and/or destination IP addresses ;
source and/or destination port numbers (included in the TCP or UDP (User Datagram Protocol ) message);
TCP connection flags ;
other options.

This filtering is implemented in the network layer, i.e. in the kernel of an operating system (§

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Stateful and stateless packet filtering

Previous
page Filtering at a glance

Application-level gateway (proxy and reverse-proxy)

Bibliography

(1) - ANSSI - Recommandations pour la définition d'une politique de filtrage réseau d'un pare-feu. - mars 2013 https://www.ssi.gouv.fr/uploads/IMG/pdf/NP_Politique_pare_feu_NoteTech.pdf

Software tools

Squid http://www.squid-cache.org

netfilter http://www.netfilter.org

SNORT http://www.snort.org

Websites

ANSSI, CSPN certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/produits-certifies-cspn/

ANSSI, Common criteria certified products https://www.ssi.gouv.fr/entreprise/produits-certifies/cc/produits-certifies-cc/

...

Standards and norms

IETF, LEECH (M.), GANIS (M.), LEE (Y.), KURIS (R.), KOBLAS (D.), JONES (L.). – SOCKS Protocol Version 5. http://ietf.org/rfc/rfc1928.txt?number=1928 - rfc 1928 - 03-96

Regulations

Law no. 2009-1311 of October 28, 2009 on the criminal protection of literary and artistic property on the Internet, JORF no. 0251 of Oct. 29, 2009 https://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000021208046&categorieLien=id

Law no. 2015-912...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects