Firewalls
Why Were Firewalls Created
As networks began to grow, interconnect, and eventually connect to the Internet, it became important to control the flow of network traffic. This control initially took the form of packet filter firewalls that examine only the lowest protocol layers: source and destination network addresses, protocols, and port numbers. Firewall rules used these attributes to define which packets were allowed through. If a packet's network addresses, protocol, and port number matched those of a packet filtering rule in the firewall, it was allowed to pass; if they didn't, it was either silently dropped or blocked. The drawback of packet filter firewalls was that they took a one-size-fits-all approach to deciding whether to allow traffic to pass, and bad actors could bypass firewall rules. What would stop a bad actor from injecting rogue packets through acceptable protocols and ports, or exploiting a bug in computer networking software? To offset this weakness, additional criteria for blocking or allowing traffic were developed in second generation firewalls.
Second Generation Firewalls
Second generation firewalls, called stateful firewalls, were designed to observe network connections over time. They watched as new network connections were made and continuously examined the conversation between the endpoints. If a connection behaved improperly, the firewall blocked it. Any packets that didn't belong to a known conversation were dropped. While this was an improvement, second generation firewalls still couldn't block rogue packets if they used an acceptable protocol, such as HTTP. The explosion of the World Wide Web made HTTP one of the most frequently used network protocols. The problem is that HTTP is used in many ways: static text content, e-commerce, file hosting, and many other kinds of web applications. Because they all use the same port number, the firewall cannot distinguish between them. Network administrators needed to distinguish between these web applications to block the malicious ones and allow the beneficial ones. To determine how a protocol such as HTTP is being used, the firewall must look deeper into the data payloads.
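The following added example (not from the original page) puts the two generations side by side: a stateless packet filter that judges each packet by address, protocol and port alone, and a stateful filter that keeps a table of known conversations. All addresses, ports and the packet stream are constructed; the stateful model tracks only the client-to-server direction.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False  # True on the first packet of a new TCP connection

# First generation: rules see only addresses, protocol and port.
# (dst host, proto, dport, action); the addresses here are constructed.
RULES = [
    ("10.0.0.5", "tcp", 80, "allow"),  # web server
]

def packet_filter(pkt: Packet) -> str:
    """Stateless decision: match header fields against RULES, else drop."""
    for dst, proto, dport, action in RULES:
        if pkt.dst == dst and pkt.proto == proto and pkt.dport == dport:
            return action
    return "drop"

class StatefulFirewall:
    """Second generation: a packet is accepted only if it opens a rule-permitted
    connection (SYN) or belongs to a known conversation. One direction only."""
    def __init__(self):
        self.table = set()  # known conversations: (src, sport, dst, dport, proto)

    def decide(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.table:
            return "allow"  # part of a known conversation
        if pkt.syn and packet_filter(pkt) == "allow":
            self.table.add(key)  # new connection permitted by the rules
            return "allow"
        return "drop"  # unknown conversation, even on an open port

def run(packets, fw: StatefulFirewall):
    # (packet-filter verdict, stateful verdict) for each packet, in order
    return [(packet_filter(p), fw.decide(p)) for p in packets]

# Constructed stream: a legitimate web session (handshake then data),
# followed by a packet injected on the same port with no prior handshake.
STREAM = [
    Packet("192.0.2.10", "10.0.0.5", "tcp", 40001, 80, syn=True),
    Packet("192.0.2.10", "10.0.0.5", "tcp", 40001, 80),
    Packet("198.51.100.7", "10.0.0.5", "tcp", 55555, 80),
]
```

The third packet passes the packet filter because port 80 is open, but the stateful filter drops it because it belongs to no known conversation; a rogue payload inside the established second packet would still pass both.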
Third Generation Firewall
Third generation firewalls solved this issue. While still stateful, these firewalls understood the higher-level protocols and the applications inside them, and could control different uses of the same basic protocol. This is known as application layer filtering. Firewalls that implement application layer filtering can understand protocols such as HTTP, FTP, DNS, and others. In the case of HTTP, they can differentiate between browser traffic to a blog, a file sharing site, e-commerce, social media, VoIP, and many more. Our increasing connections through the Internet also precipitated profound changes to the way we work, play, and learn. Businesses have evolved to take advantage of cheaper multi-cloud services, and the convenience of mobile and IoT devices has dramatically expanded network edges, thereby increasing the attack surface. Threat actors continue to change their attack methods and sophistication. Attacks now come from trusted users, devices, and applications that spread malware, both unknowingly and with malicious intent.
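As an added example (not from the original page) of application layer filtering, the code below parses an HTTP request arriving on port 80, classifies it by the application behind it, and applies a per-application policy. The host-to-category map, the policy, and the sample payloads are constructed; a real product would classify on far richer signals than the Host header.

```python
# Constructed mapping of web hosts to application categories.
APP_CATEGORIES = {
    "blog.example": "blog",
    "files.example": "file-sharing",
    "shop.example": "e-commerce",
}
# Constructed policy: same port, different verdict per application.
POLICY = {"blog": "allow", "e-commerce": "allow", "file-sharing": "block"}

def parse_http_request(payload: bytes):
    """Return (method, path, headers) or None if the payload is not a
    well-formed HTTP/1.x request. Only the request line and headers count."""
    try:
        head, _, _body = payload.partition(b"\r\n\r\n")
        lines = head.decode("ascii").split("\r\n")
        method, path, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    if not version.startswith("HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return None  # malformed header line
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def classify(payload: bytes) -> str:
    """Name the application inside the HTTP conversation."""
    req = parse_http_request(payload)
    if req is None:
        return "unknown"  # not HTTP at all, despite the port
    _method, _path, headers = req
    host = headers.get("host", "").split(":")[0].lower()
    return APP_CATEGORIES.get(host, "uncategorized")

def decide(payload: bytes) -> str:
    """Default-deny: anything the filter cannot classify is blocked."""
    return POLICY.get(classify(payload), "block")

# Constructed sample payloads, all arriving on TCP port 80.
BLOG = b"GET /post/1 HTTP/1.1\r\nHost: blog.example\r\n\r\n"
FILES = b"POST /upload HTTP/1.1\r\nHost: files.example\r\nContent-Length: 0\r\n\r\n"
JUNK = b"\x00\x01binary-not-http"
```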
NGFW Next Generation Firewall
A firewall must now prevent evolving cyberattacks at every edge of the network while delivering security, reliability, and network performance. This brings us to the advanced security capabilities found in the next generation firewall (NGFW). Similar to airport security, an NGFW has multiple security checkpoints. It looks at packets and makes rule-based decisions on whether to allow or drop the traffic. An NGFW performs deep packet inspection (DPI). If questionable content is found, it runs the content in a sandboxed environment, isolated from your device, for further analysis; it might also drop the connection. As networks continue to evolve and introduce new challenges, NGFWs also evolve. For example, they have the ability to control applications, either by classification or based on who the user is. Application level security helps protect web browsing clients from threats and attacks. NGFWs have also adopted various segmentation approaches (such as VLANs) that segregate users, devices, and applications in line with business needs. By segmenting networks rather than using a flat network, the firewall helps eliminate a single point of entry, which made it easier for cyber criminals to get inside the network and spread threats across it. NGFWs also deliver high performance inspection and greater network visibility, with little to no degradation, to support and protect modern distributed data centers within a complex and hybrid IT infrastructure. Hybrid data centers offer businesses greater agility, flexibility, and scale on demand, as well as an expanded attack surface that requires an equally evolved security strategy. High performance inspection covers applications, compute resources, analytics, encrypted data that moves throughout the infrastructure, and data storage across multiple private and public clouds.