Inbound Traffic Filtering
Restricting network traffic originating from untrusted networks destined towards a private host or enclave.
How it works
Inbound Traffic, in this context, is network traffic originating from an untrusted network towards a private host or enclave. For example:
- An untrusted network host connecting to a internal commercial portal, shopping.example.com
- An external mail server connecting to an internal mail server, mail.example.com
Filtering policies are developed by administrators to meet business requirements and limit connectivity. These policies are implemented on edge devices such as firewalls, routers, and intrusion prevention systems. Examples of filters:
- Blocking incoming traffic from spoofed internally facing IP addresses
- Blocking specific ports and services from establishing connections
- Limiting specific IP ranges from connecting to the network
- Dynamic inbound filtering (Hole punching, STUN, NAT-T)
- Business requirements typically drive the development of filtering rulesets
- Protocols using non-standard ports may circumvent filtering technology, which does not detect application protocol based on traffic content
- OpenWRT (Embedded)
- Netfilter (Linux)
- Windows Firewall
There are 2 techniques in this category, Inbound Traffic Filtering.
|Inbound Traffic Filtering
|Restricting network traffic originating from untrusted networks destined towards a private host or enclave.
|- Email Filtering
|Filtering incoming email traffic based on specific criteria.
The following references were used to develop the Inbound Traffic Filtering knowledge-base article.
(Note: the consideration of references does not imply specific functionality exists in an offering.)