Packet filters are the simplest security solution providing access control and rejection of unwanted traffic. Filtering can be based on the source IP address and/or source port, or on the destination IP address and/or destination port. Packet filtering complements more advanced firewalls.
The easiest implementation of this method is packet filtering on the edge router using the ACL (Access Control List) mechanism.
An ACL configured in the router software limits the data flow in a specified direction on the interface where the access control list is applied. Traffic transmitted within the local network can also be controlled; in this case the filtering mechanism is activated on LAN switches, which allows rules for the data flow between network segments to be defined on other parameters, e.g. MAC addresses (the physical addresses of network interface controllers) or assignment to a VLAN (a logical segment that groups physical parts of the network). The available options depend on the software version and device type. ACL technology is under continuous development and new mechanisms are being added.
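To make the evaluation order concrete, here is an added example (not from this page and not any vendor's ACL implementation) of a stateless packet filter in Python: rules keyed on source/destination address and port, bound to one direction of one interface, tested top-down with first match wins and an implicit deny at the end. The rule set and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp", "icmp" or "any"
    src: str                        # source prefix in CIDR form, "0.0.0.0/0" = any
    dst: str                        # destination prefix in CIDR form
    src_port: Optional[int] = None  # None = any source port
    dst_port: Optional[int] = None  # None = any destination port

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]

def matches(rule: Rule, pkt: Packet) -> bool:
    # Every field the rule specifies must match; unspecified fields match anything.
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.src_port is not None and rule.src_port != pkt.src_port:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    return True

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """Rules are tested top-down; the first match decides, and a packet that
    matches no rule is dropped (the implicit deny at the end of every ACL)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed inbound ACL for the Internet-facing interface of an edge router
# (RFC 5737 documentation addresses). Order matters: the anti-spoofing deny
# sits first so that a later, broader permit cannot shadow it.
WAN_INBOUND = [
    Rule("deny",   "any", "10.0.0.0/8",      "0.0.0.0/0"),                       # private source arriving from outside
    Rule("permit", "tcp", "0.0.0.0/0",       "203.0.113.10/32", dst_port=443),   # public web server
    Rule("permit", "tcp", "198.51.100.0/24", "203.0.113.20/32", dst_port=22),    # SSH only from the admin prefix
]
```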
Another method of packet filtering is based on a dedicated Unix system. It requires the installation and configuration of the operating system and activation of its built-in packet filtering feature. This can be done using the Customer's equipment or hardware delivered as part of the service. The capacity and parameters of the computer acting as a packet filter must be matched to the size of the protected network and the estimated data transfer. In addition, it must be equipped with additional network interfaces, the number of which depends on the designed interconnection topology.