For an instance it can all allow or deny specific functions of FTP such as the use of “GET” and “PUT” command (Ogletree, 2000). Packet filtering susceptible to IP Spoofing (Webopedia, 2011). IP Spoofing is used by unauthorized people to gain access to a network, it is a technique done by using the IP address of an authorized or trusted host to enter the network. Advantages of packet filtering Mainly increases the efficiency level by eliminating the processing of overhead by higher level firewall such as proxies.
There's a specialist from your university waiting to help you with that essay.
Tell us what you need to have done now!
order now
It helps implement choke point as a security strategy because packet filter is installed and monitored in a single location. It also protects network against network sweeping threats and also resolver certain spoofing attacks (Preetham, 20002). Disadvantages of packet filtering Packet filter only checks what protocol, source and destination is used but won’t check on who is trying to access the network. Besides that Trojan horses or viruses can enter into the network using HTTP tunneling (Preetham, 2002). Proxy servers acts as middle men that connects and communicate client and server.
Thus no actual IP packets go through client and server, because it separates the outside network from private network. Application level is the stage where proxy server works thus according to Ogletree (2000), proxy server is application specific and can be programmed to allow or deny access to a service based on user’s preferred function. A proxy server is transparent to network component; therefore it can’t be seen by either internal network component or external network component (Preetham, 2002). The host of the application service assumes that it is communicating directly with external component on the internet.
Host application will assume that it is communicating directly with external component on the internet and proxy server will act as host for external component of the network. Whenever a request is received from client server, proxy server will make a request to server on behalf of client server. This action will ensure the security, administrative control and also caching. Dual homed host is needed in order to execute proxy. Two interfaces, one for internal network and the other one for untrusted network. For this reason, two unique IP addresses will be used for both (Preetham, 2002).
According to Preetham (2002), proxy server can also perform user authentication, which means it can be set to allow certain user to on the company to access to the internet, and also perform application specific services, because they are written for specific application protocol such as HTTP or FTP. This solely means only specific domains can be allowed into the network , for an instance the company can block all the social networking sites domain to prevent the staff from slacking and wasting time on those non profitable sites. Finally proxy server provides single point of contact (Preetham, 2002).
It only connects with trusted IP address which is assigned by the network administrator of the company. Advantages of proxy server, performance will increase because most of the information are cached, thus when a user want to connect to the same site again, it will re-use back the same information. User authentication, thus it can be set to allow only certain users to access certain sites. Better option compared to packet filtering because it can configured at the application level, which makes it more efficient in screening content.
Finally, allows the network administrator to monitor the network activity efficiently. Disadvantage of proxy server, low performance due to processing at application level and not so effective, due to protocol specific services. Application gateway works on the application level and it is also connected proxy server; it is more complex version of a firewall, intercepting traffic for a specific application is what it does mainly (Ogletree, 2000). When a connection is established, it is then brought to application gateway first or proxy which then will proceed to destination.
Compared to other firewall technologies it is very secure but also consumes large memory and a good processor (Webopedia, 2011). Advantage of Application level gateway provides direct connection between external and internal hosts are disallowed, besides that it also allows user-level authentication and finally application commands are analyzed inside the data packets. (Careerride, 2008-2010). Disadvantage of application gateway- detailed concentration is required to each individual application that uses the gateway and has a very complicated and complex setup.
Circuit Level Filtering is one step ahead than packet filtering, and it works at Transport Layer. Major duty would be to check whether the connection between both sides is valid and only then will decide to allow the packet to be transmitted (Toolbox. com, 1998-2011). Once that is done it allows the traffic for a limited time from the valid source. To determine the validity of connection, it is based on certain criteria such as Source and destination IP, protocol, time, user and password and etc (Pc-Help, N. D. ).
Advantages of Circuit Level Filtering such as IP spoofing can be tough to be done in this and also the fact it is ahead than packet filtering is also considered as one advantage. Source address is never associated as a function of the protocol (Toolbox. com, 1998-2011). Finally it is capable of making up for the shortcomings of the UDP protocol (Pc-Help, N. D. ) Disadvantage of Circuit Level Filtering would be, it requires substantial modification in programming that provides transport functions since it is works at Transport Layer (Pc-Help, N. D. ).
