dynamic packet filter

For example, assume that you wish to configure your firewall so that all users in your company are allowed out to the Internet, but only replies to users' data requests are let back in. With a static packet filter, you would need to permanently allow in replies from all external addresses, assuming that users were free to visit any site on the Internet. This kind of filter would allow an attacker to sneak information past the filter by making the packet look like a reply (which can be done by indicating "reply" in the packet header).

By tracking and matching requests and replies, a dynamic packet filter can screen for replies that don't match a request. When a request is recorded, the dynamic packet filter opens up a small inbound hole so only the expected data reply is let back through. Once the reply is received, the hole is closed. This dramatically increases the security capabilities of the firewall.

Learn more about Network Security Best Practices and Products

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT 3Com acquisition confirms HP-Cisco battle for China HP's 3Com acquistion ups the ante in the race to provide converged enterprise networks. Enterprises demand next-generation firewalls with IPS, app visibility Next-generation firewalls consolidate multiple network security functions into a single appliance. Some vendors have, some are still getting there. Preventing hacker attacks with network behavior analysis IPS Preventing a security breach on your network requires at least two techniques: signature-based and anomaly-based network behavior analysis. Learn how...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) HELLO packet  (SearchNetworking.com)