Network filtering and firewalls

Network filtering happens at the network protocol level and can be performed on routers and firewalls by analyzing the headers of IP packets and allowing or denying forwarding based on source or destination address, protocol type, TCP port number, packet length, etc. By blocking packets based on network address information and protocol type, network filters can prevent unauthorized access even before an unauthorized user tries to authenticate or a hacker attempts to launch an attack.

Firewalls are devices that enforce access policies between two networks by performing network packet filtering. In addition to looking at IP headers, most firewalls are also aware of data payload and can test application type and message content for patterns of traffic to deny/allow access.

For example, firewalls can be configured to allow only e-mail traffic through them, thereby protecting the network against any attacks other than attacks against the e-mail service.

A firewall is also important as a single audit point. It provides important logging functions and can often provide summaries to the administrator about what kinds and levels of traffic passed through it, how many attempts there were to break into it, etc.
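The header-based filtering, the "e-mail only" policy and the audit summary described above, as an added example that is not part of the original text: a minimal stateless packet filter with first-match rules, default deny, a decision log and a per-source count of rejected packets. The mail server address 192.0.2.10 and the sample packets are constructed for the demonstration.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:                 # the header fields a stateless filter inspects
    src: str
    dst: str
    proto: str                # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
@dataclass(frozen=True)
class Rule:                   # a field left as None is a wildcard
    action: str               # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport))
class PacketFilter:
    """First matching rule wins; a packet matching no rule is denied."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.log = []             # every decision, for the audit trail
        self.denied = Counter()   # rejected packets per source address

    def decide(self, p: Packet) -> str:
        verdict = next((r.action for r in self.rules if r.matches(p)), "deny")
        self.log.append((verdict, p))
        if verdict == "deny":
            self.denied[p.src] += 1
        return verdict
# Constructed "e-mail only" policy; the mail server address is an assumption.
MAIL_ONLY = [
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=25),   # SMTP
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=143),  # IMAP
]
def run_demo():
    fw = PacketFilter(MAIL_ONLY)
    pkts = [  # constructed sample headers
        Packet("198.51.100.7", "192.0.2.10", "tcp", 25),
        Packet("198.51.100.7", "192.0.2.10", "tcp", 22),   # no rule: denied
        Packet("198.51.100.9", "192.0.2.20", "tcp", 25),   # wrong host: denied
    ]
    return [fw.decide(p) for p in pkts], dict(fw.denied)
```

Because the filter never inspects payload, a hostile message carried on port 25 to the mail server is still allowed, which is the limitation the following paragraphs describe.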

While firewalls are important components of a security system, they cannot maintain security alone. Firewalls need to be part of a comprehensive set of security policies and are only one layer of protection to secure the perimeter of the network.

Firewalls cannot protect against attacks that do not go through them and are usually ineffective at protecting against attacks launched from within the network. Firewalls are usually ineffective against viruses and attacks launched through a tunneled protocol.