I. Explain that packet-filtering firewalls examine the header information of data packets that come into a network. Apply Figure 8-7 as a visual illustration of a standard IPv4 packet structure.
II. Relate that packet-filtering firewalls scan network data packets looking for rule compliance against the database of the firewall. Packets are inspected at Level 3 of the Open Systems Interconnect (OSI) model (which has a total of seven layers).
III. Emphasize the restrictions most implemented are based on a combination of the following:
• IP source and destination address
• Direction (inbound or outbound)
• Protocol, for firewalls capable of examining the IP protocol layer
• Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) source and destination port requests (apply Figures 8-8 and 8-9 illustrating these)
IV. Describe simple firewall models, which examine one aspect of the packet header: the destination and source address. Emphasize that they enforce address restrictions, rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
V. Explain that they accomplish this through access control lists (ACLs), which are created and modified by the firewall administrators.
VI. Identify the three subsets of packet filtering firewalls:
• Static filtering
• Dynamic filtering
• Stateful packet inspection (SPI)
VII. Evaluate how static filtering requires that the filtering rules be developed and installed with the firewall.
VIII. Describe dynamic filtering, which allows the firewall to react to an emergent event and update or create rules to deal with the event. Note that while static filtering firewalls allow entire sets of one type of packet to enter in response to authorized requests, the dynamic packet filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
IX. Detail how stateful inspection firewalls, or stateful firewalls, keep track of each network connection between internal and external systems using a state table, which tracks the state and context of each packet in the conversation by recording which station sent which packet and when.
X. Stress the difference between simple packet filtering firewalls and stateful firewalls. Whereas simple packet filtering firewalls only allow or deny certain packets based on their address, a stateful firewall can block incoming packets that are not responses to internal requests.
XI. Critique how the primary disadvantage of a stateful firewall is the additional processing required to manage and verify packets against the state table, which can leave the system vulnerable to a DoS or DDoS attack.