Next Generation Firewalls and Advancing Network Security
When you get behind the wheel of your favorite vehicle and power down the freeway at 70 miles per hour, you are probably not thinking about the raging fire and explosions happening just inches in front of you in the engine compartment. The temps of an internal combustion engine can reach thousands of degrees Fahrenheit — hot enough to melt nearly any type of metal if the temps were sustained. Fortunately for us, the extreme temps are transient and automotive engineers have designed a steel barrier to protect us from the dangers lurking just ahead of us. We are shielded from the explosions and high velocity steel by a firewall. The firewall, a steel barrier dividing the engine compartment from the passenger compartment, creates a safe zone where people can feel secure and protected from persistent dangers.
Network firewalls are far more complicated than the heavy gauge steel used in automotive firewalls, but the concept is the same. In network security, the firewall divides a network safe zone from less controlled networks. Traditionally, network firewalls monitored incoming and outgoing network traffic through predefined security rules. These security rules would allow the firewall to inspect packets and connections, then either allow, disallow, or redirect the traffic based on the rules. Eventually firewalls were able to extend their monitoring to specific applications. This meant they could understand various protocols and allow/disallow complete applications or even identify when an application was likely being abused.
Continued developments in application layer monitoring created a new class of firewalls called next-generation firewalls (NGFWs). NGFWs allowed for deep packet inspection (DPI) of network traffic. Imagine the difference between sorting mail at the post office by address, zip code and envelope size and eventually opening each envelope to read and inspect the contents. Through DPI data processing, the firewall can read the contents of every packet for advanced inspection before determining if it should block, re-route, log, or allow that traffic. Through DPI, firewalls could even learn what normal traffic looked like so they could intelligently spot outliers. These advancements in DPI have allowed NGFWs to include web filtering, user identity management, and intrusion prevention systems (IPS).
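The difference between sorting by the envelope and opening it can be shown in a few lines. This is an added example, not code from the article or from any firewall product; the rule table, the expected-application policy, the function names and the sample packets are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port
    payload: bytes  # first bytes of the client's application data

# Traditional predefined rules: first match on header fields wins, default deny.
PORT_RULES = [("tcp", 80, "allow"), ("tcp", 443, "allow"), ("tcp", 22, "deny")]
# Application each allowed port is expected to carry (assumed policy).
EXPECTED_APP = {80: "http", 443: "tls"}
HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|HEAD|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")

def header_verdict(pkt):
    """Sort by the address on the envelope: protocol and port only."""
    for proto, dport, action in PORT_RULES:
        if pkt.proto == proto and pkt.dport == dport:
            return action
    return "deny"

def identify_app(payload):
    """Open the envelope: classify the protocol from the payload bytes."""
    if HTTP_REQUEST.match(payload):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 0x03, two length
    # bytes, then handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"

def dpi_verdict(pkt):
    """Apply the port rule, then require the payload to be the expected application."""
    if header_verdict(pkt) != "allow":
        return "deny"
    app = identify_app(pkt.payload)
    return "allow" if app == EXPECTED_APP.get(pkt.dport) else f"deny (saw {app})"

# Constructed sample traffic.
WEB = Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
TLS_HELLO = Packet("tcp", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00")
SSH_ON_443 = Packet("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n")

if __name__ == "__main__":
    for p in (WEB, TLS_HELLO, SSH_ON_443):
        print(p.dport, header_verdict(p), "|", dpi_verdict(p))
```

The port-only rule passes all three samples, while the payload check flags the third because the bytes on port 443 are not a TLS handshake.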
Advanced Firewall Security
Going beyond DPI, NGFWs also allow for TLS/SSL encrypted traffic inspection, bandwidth management, and antivirus inspection. These advancements in firewall security are what have allowed network administrators to fend off the latest threats like web-based malware attacks, application-layer attacks, and even targeted attacks. NGFWs have elevated the level of network administrator awareness around individual applications and overall network usage, which allows for very granular security controls and policy enforcement.
Responding to Threats
The latest NGFWs can also create a response mechanism to offending or suspicious traffic. No longer are firewalls simply limited to the common allow, deny or reroute rules — they can now choose to sandbox suspicious traffic for further monitoring in a safe environment. They can also leverage cloud-based threat intelligence services which collect data from around the globe, share data from prior intrusions, and scour the hidden corners of the internet to better identify and respond to the latest threats.
The Human Factor
Even with all the advancements in protection NGFWs provide, they simply aren’t enough on their own. Unlike an automobile’s firewall, where it is installed and left alone to do its job, a network firewall requires skilled security analysts to effectively harness the information provided, manage the device and establish a credible security policy. Don’t fall victim to technology overreliance while ignoring the human component.