Question: Screening Router

Screening Router
The simplest firewall is a single router on the network perimeter configured to filter packets. Also known as a packet filter, the screening router is a device that acts as a firewall by examining and routing incoming and outgoing traffic based on various criteria. A screening router is a basic component of most firewalls. A screening router can be a commercial router or a host-based router with some kind of packet filtering capability.
How does it work?
Typical screening routers can block traffic between networks or specific hosts at the IP port level. Some firewalls consist of nothing more than a screening router between a private network and the Internet. The screening router determines whether to allow or deny packets based on their source and destination IP addresses or other information in their headers. Screening routers can be routers or general-purpose hosts running an operating system such as Windows NT or Linux.
Screening routers are configured with rules that filter access by protocol or by traffic to and from predefined addresses, passing or rejecting each IP packet based on information contained in the packet header. Screening routers can filter packets based on a variety of criteria, including IP addresses, port numbers, transport type, and certain flags in TCP headers.
Advantages
Simple
Inexpensive
Good for home applications if a stateful packet filter is used.
Disadvantages
Provides only minimal protection.
Viruses, trojan programs, and some malformed packets might get through.
Screening routers can be used to:
Block types of traffic that aren't allowed by policy.
Block attacks after they have been detected.
o For example, packet filtering can quickly identify and drop external IP spoofing attacks that claim to originate from internal network source
Why is it not ideal for stopping attacks using spoofed traffic?
A screening router filters network traffic based on predefined rules. However, it is not ideal for stopping attacks using spoofed traffic because it relies on IP addresses for its filtering decisions. IP spoofing is when a hacker alters address data within the IP header, tricking a system into thinking the data comes from a trusted source. People use IP spoofing to launch attacks such as denial of service (DoS) and man-in-the-middle. Screening routers are routers that are used as firewalls and perform packet filtering. Since the screening router does not stop many attacks, especially those that use spoofed or manipulated IP address information, it should be combined with a firewall or proxy server for added protection.
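The header-only filtering described above, as an added example that is not part of the original page: a first-match rule evaluator covering the listed criteria (addresses, port, transport type, TCP flags) plus the anti-spoofing drop. All addresses, rule contents and the names Packet, Rule and screen are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = "192.168.10.0/24"   # constructed private range behind the router

@dataclass(frozen=True)
class Packet:
    iface: str                 # interface the packet arrived on
    src: str
    dst: str
    proto: str                 # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset()   # TCP flags that are set

@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    note: str
    iface: str = "outside"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0             # 0 matches any port
    flags: frozenset = frozenset()   # flags that must all be set

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport)
                and self.flags <= p.flags)

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
    Rule("deny", "anti-spoofing: internal source seen on outside interface", src=INTERNAL),
    Rule("deny", "malformed: SYN and FIN set together", proto="tcp",
         flags=frozenset({"SYN", "FIN"})),
    Rule("permit", "SSH from partner range", src="203.0.113.0/24",
         dst="192.168.10.5/32", proto="tcp", dport=22),
    Rule("permit", "HTTPS to web server", dst="192.168.10.80/32", proto="tcp", dport=443),
]

def screen(packet: Packet, rules=RULES, default: str = "deny"):
    """Return (action, reason) using header fields only, as a screening router does."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.note
    return default, "no rule matched; default policy"
```

The first rule catches an outside packet that claims an internal source, but the partner rule permits any packet whose header carries a 203.0.113.0/24 source: the filter sees only the header and cannot confirm it is genuine, which is the limitation the paragraph describes.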
Firewalls using screening routers
Many networks are firewalled using only a screening router between the private network and the Internet. This type of firewall is different from a screened host gateway in that usually there is direct communication permitted between multiple hosts on the private network, and multiple hosts on the Internet. The zone of risk is equal to the number of hosts on the private networks, and the number and type of services to which the screening router permits traffic. For each service provided via peer-to-peer connection the size of the zone of risk increases sharply. Eventually it is impossible to quantify. Damage control is difficult as well since the network administrator would need to regularly examine every host for traces of a break-in. If there is no regular audit one must hope to stumble on a clue such as a mismatched system accounting record.
In the case of total destruction of the firewall, it tends to be very hard to trace or even to discover. If a commercial router (which does not maintain logging records) is used, and the router's administrative password is compromised, the entire private network can be laid open to attack very easily. Cases are known where commercial routers have been configured with erroneous screening rules, or have come up in some pass-through mode because of hardware or operator error. Generally, this configuration is a case of "That which is not expressly prohibited is permitted" as the ingenious user can fairly easily piggyback protocols to achieve a higher level of access than the administrator expects or wants. Given a collaborator on an external host, it is left as an exercise to the reader to implement a remote login stream protocol over Domain Name Service packets.
Screening routers are not the most secure solution, but they are popular since they permit fairly free Internet access from any point within the private network. Many consultants and network service providers offer screening routers in a "firewall" configuration. It is uncertain if the various trade-offs involved are clear to the customer; the author would not recommend use of a screening router to protect sensitive information or trade secrets, since screening routers are very permeable from the inside.
What
