Lesson 2 | Protect IP traffic with filters
Objective | Reduce unauthorized access to network resources using filters.
Protect IP traffic with filters
Minimizing the protocols and ports exposed on a host using a firewall can reduce the risk of unauthorized access.
However, this can be difficult to manage, particularly when many hosts have different filtering requirements. For this reason, the Windows 2000 implementation of TCP/IP supports application-layer filtering of IP traffic by allowing you to set filters on a host-by-host basis.
Filtering allows you to configure precisely what type of traffic you want to allow through the interface that has filtering enabled.
By default, filtering is not enabled on any of the network interface cards. Without filtering, all IP traffic crosses the interface and is passed through without being examined by any filtering mechanism.
When you enable IP filtering, no IP traffic is passed through the interface for which the filtering is enabled.
You must then configure filters dedicated to allowing the particular IP traffic you want to pass through the network interface card.
TCP/IP Filters
TCP/IP filtering blocks the delivery of any IP packets that do not conform to the preset criteria.
You can use TCP/IP filtering for dedicated servers that provide services on well-known protocols, TCP ports, and User Datagram Protocol (UDP) ports.
The following table describes when to include TCP/IP filtering in your network design, and the criteria for filtering IP packets.
Include TCP/IP filtering in your network design to: | You can filter IP packets based on the following criteria:
Control traffic to dedicated servers. | TCP port number
Block all inbound traffic except that which you specifically list. | UDP port number
Provide filtering at the application layer. | IP protocol type (except for TCP, UDP, ICMP, IGMP or IPSec).
In most situations, you permit all IP traffic.
Evaluate the effect of any enabled TCP/IP filters to ensure proper computer operation. Enabling filtering is not recommended as a general practice, because it may restrict the operation of essential services.
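The following Python model, added here as an illustration and not taken from the lesson or from Microsoft, reproduces the decision rule the text describes: with filtering off every packet crosses the interface, and with filtering on only listed TCP ports, listed UDP ports and listed IP protocol numbers pass, the protocol list not governing TCP, UDP, ICMP, IGMP or IPsec. It also carries out the "evaluate the effect" step recommended above by running a proposed policy against the inbound packets a server is expected to receive. The registry value names in the comments (EnableSecurityFilters, TcpAllowedPorts, UdpAllowedPorts, RawIpAllowedProtocols) are the usual Windows 2000 locations and are given as assumptions; the sample traffic list and the web-server policy are constructed for the example; and treating ICMP, IGMP and IPsec packets as passing once filtering is enabled is a modelling assumption drawn from the "except for" clause in the table.

```python
"""Model of host-based TCP/IP filtering as described in the lesson (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional

# IANA IP protocol numbers used by the model.
TCP, UDP, ICMP, IGMP, ESP, AH = 6, 17, 1, 2, 50, 51

# Protocols the lesson says the "IP protocol type" criterion does not cover.
# Modelling assumption: TCP and UDP are decided by the port lists, and the
# remaining excluded types are not decided by the protocol list at all.
PROTOCOL_LIST_EXCLUDED = {TCP, UDP, ICMP, IGMP, ESP, AH}


@dataclass
class InterfaceFilter:
    """Per-interface filter state; the registry names in comments are assumed."""
    enabled: bool = False                            # EnableSecurityFilters (assumed)
    tcp_ports: set = field(default_factory=set)      # TcpAllowedPorts (assumed)
    udp_ports: set = field(default_factory=set)      # UdpAllowedPorts (assumed)
    ip_protocols: set = field(default_factory=set)   # RawIpAllowedProtocols (assumed)

    def permits(self, protocol: int, dst_port: Optional[int] = None) -> bool:
        """Return True if an inbound packet would cross this interface."""
        if not self.enabled:
            return True                  # default: traffic is not examined at all
        if protocol == TCP:
            return dst_port in self.tcp_ports
        if protocol == UDP:
            return dst_port in self.udp_ports
        if protocol in PROTOCOL_LIST_EXCLUDED:
            return True                  # ICMP/IGMP/IPsec: not governed (assumption)
        return protocol in self.ip_protocols


@dataclass(frozen=True)
class ExpectedPacket:
    """One kind of inbound packet a host needs in order to do its job."""
    description: str
    protocol: int
    dst_port: Optional[int] = None


def audit(filt: InterfaceFilter, expected: List[ExpectedPacket]) -> List[str]:
    """Describe the expected inbound packets that the filter would drop.

    This is the 'evaluate the effect' step the lesson recommends before
    filtering is switched on for a dedicated server.
    """
    return [p.description for p in expected
            if not filt.permits(p.protocol, p.dst_port)]


# Constructed sample: traffic a dedicated web server expects to receive.
# The DNS reply arrives on an ephemeral port, which a port allow-list
# built only from the server's own services will not cover.
WEB_SERVER_TRAFFIC = [
    ExpectedPacket("HTTP request", TCP, 80),
    ExpectedPacket("HTTPS request", TCP, 443),
    ExpectedPacket("DNS reply to ephemeral port", UDP, 49152),
    ExpectedPacket("ICMP echo request", ICMP),
    ExpectedPacket("GRE tunnel (protocol 47)", 47),
]


def web_server_policy() -> InterfaceFilter:
    """Constructed policy that permits only the two web service ports."""
    return InterfaceFilter(enabled=True, tcp_ports={80, 443})


if __name__ == "__main__":
    policy = web_server_policy()
    for description in audit(policy, WEB_SERVER_TRAFFIC):
        print("would be blocked:", description)
```

Running the audit against the constructed policy reports the DNS reply and the GRE packet as blocked while the two web ports pass, which is the kind of side effect the lesson warns about: a permit list written only from the server's published services silently cuts off the traffic the server itself depends on.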
IPsec for security
The following SlideShow describes a number of TCP ports and how they filter traffic.