Packet Filtering:
It is considered the most basic type of firewall. It receives packets and evaluates them against a set of rules, usually written as an access control list. A packet may be forwarded to its destination, dropped silently, or dropped with a return message to the sender describing the reason. The filtering rules vary with the application; the following are the most common:
- Source and destination IP address: Only packets from (or to) specified IP addresses are allowed through; the firewall drops packets whose source address does not match the defined addresses.
- Source and destination ports: Packets to or from defined ports are accepted, and packets to or from undefined ports are dropped.
- Direction of traffic: Allows traffic only in a defined direction, that is, either inbound packets only or outbound packets only.
- Type of protocol: Passes or drops packets of certain protocols only, such as IP, TCP and UDP (User Datagram Protocol).
- The packet's state: Passes packets based on TCP flags such as SYN (synchronize, a connection request) or ACK (acknowledgement).
Application Layer Filtering (Layer 7 Filtering):
- This type of filtering is done at the application layer and determines not only whether a connection is made but also how it is made. The filter stops incoming connection requests at the filter itself and, if the connection is permitted, initiates its own connection on the client's behalf. This type of connection is called a proxy connection.
- Using a database that defines the types of connections allowed, the filter either establishes a second connection or drops the current one. Appropriate programming of the filter makes it transparent to the user.
- The most common implementations of application-layer filters provide proxy services, such as mail, file transfer protocol (FTP) and telnet, so that these services do not run on the filter itself, which increases security. Each connection is subject to a set of specific rules and conditions similar to those in packet filters, except that the selectivity rules an application-layer filter uses are based not on ports but on the programs or services to be accessed (regardless of which port is used to access them).
- Application-level firewalls also determine the permissible conditions and events once a proxy connection has been established.
Comparison:
Sr. No. | Packet Filtering | Layer 7 Filtering
--- | --- | ---
1 | Scans packets and, based on the access control rules, either passes or drops them. | Stops the connection to determine whether it is permitted and, based on that, initiates or blocks the connection.
2 | Works at the network layer. | Works at the application layer.
3 | Easy and simple to implement. | Very complicated structure.
4 | Easy to bypass, hence provides less security when implemented. | Difficult to bypass, thus providing higher security.
5 | Does not affect the throughput rate of the gateway. | Reduces throughput, since stopping and verifying each connection takes time.
6 | Does not provide efficient logging capabilities. | Provides efficient logging by storing data about lost or dropped connections.
7 | Logical errors in the definition of rules for dropping/accepting particular packets are likely. | Rules are connection-based, which leaves very little room for logical errors.
8 | Good performance and transparent. | Slower performance and lack of transparency.