Learn something new every day
More Info... by email
A host model is a bit like a gatekeeper that stands at the "door" of a networked computer and determines whether to accept or reject packets of data. Information is sent along computer networks in packets, which are tiny pieces of data filtering through the network connection to their target destinations. Like letters mailed to specific homes, the packets moving across the Internet are sent to specific host addresses. These addresses consist of series of numbers that follow a convention called Internet Protocol (IP) Address format.
Most major operating systems utilize built-in host models. As successive versions of these operating systems have been developed and released, programmers have moved to favoring what are know as "strong" host models over the earlier versions — known as "weak" host models — that came before. The two differ in the degree of validation they require from packets of data before accepting them.
In the weak host model, the "gatekeeper" will accept any packet that is sent to the computer's specific IP address, regardless of the network interface through which it was received. In other words, it will gladly accept any and all packets addressed to the computer, regardless of their method of delivery. Using a weak host model can improve network connectivity; it makes it easier for specific packets to be delivered. On the other hand, though, it makes it easier for hackers to exploit the system, since they do not need to provide as much specificity to have their packets received.
The strong host model tightens security by accepting only packets that are sent to the specific IP address at the network interface where the packet is received. This means that the host model will only accept packets if they're specifically addressed not just to the computer's IP address, but to a specific pathway to the computer's IP address. This increases the level of security for the network system, but has a correspondingly weakening effect on overall network connectivity, as it becomes more cumbersome to move packets to a specific computer.
Some systems do not offer the option to activate a strong host model. In lieu of this, an "rp_filter" option can be enabled to increase network security over the basic weak model. This provides source validation for all incoming packets. This enables the system to trace all packets back to their "return IP addresses" to confirm that the data is, in fact, legitimate.