The Ever-Evolving Firewall
Firewall is a term most IT professionals hear on a day-to-day basis, often just thrown around loosely with little thought on how these devices have significantly changed over the last few decades since their existence. What comes to mind when someone mentions firewalls? Personally, I cannot help but see this angry caricature of a brick-faced box aggressively denying telnet traffic inbound, thanks to an “Introduction to Networking” class I took a long, long time ago. But what are they really and what are they doing now to secure my environment in a constantly changing threat landscape?
The Firewalls’ Humble Beginnings
Network perimeter firewalls were first deployed when corporations realized the need to protect internal assets. In its first form, the firewall was a simple packet filtering device. Rules were configured to allow or deny packets based on source/destination IP addresses and source/destination ports. It wasn’t long before we realized that packet headers could easily be manipulated to get around static rules. IP Spoofing anyone?
Second Gen Firewalls
Meet the Second Generation Firewall – Stateful firewalls. Added functionality to allow/block rules permitted the observation of connections through the device. Matching inbound traffic to the original outgoing request, we enhanced simple packet inspection to an entire network conversation session. We could now block an incoming packet from an unknown source interjecting itself into a stream of traffic. While this new technology seemed fine at the time, the Internet and Internet traffic was growing at such an exponential rate. Most communication occurring outbound on the network left on HTTP port 80. As more applications were being made available to the Internet, it became difficult to maintain state tables and there was no application-layer filtering. The Stateful firewall quickly peaked with its utility.
Then we began seeing the rise of Application Layer Filtering Firewall, commonly known as a proxy firewall. HTTP could now be better differentiated with all other web traffic ingressing and egressing the network. This, however, drastically increased the required computing power of the firewall and we began to see degraded network performance.
Vendors realized that they could significantly increase processing power on an appliance and bring additional roles into a single device. We saw IDS/IPS, Deep Packet Inspect, VPN, web filtering, application awareness, anti-virus/anti-malware and the ability to work with external threat intelligence sources. We can now see rules for individual applications to make informed decisions on what normal traffic should be. Where do firewalls go from here?
Firewalls, the Next Generation!
The Next Generation Firewall (NGFW) allowed organizations to incorporate firewall solutions best suited to fit their needs. Vendors now offer an array of cost-effective appliances that can accommodate various maximum throughputs, number of connected VPN users, and different subscriptions can be purchased to enable additional features that enhance security. NGFWs enhance basic firewalling features and work harder to protect the network by inspecting beyond the network and transport layers of the OSI model and all the way up to the application layer end-user level. The added security features work hard to detect and minimize breaches and prevent zero-day attacks utilizing independent threat research teams to provide up-to-date, real-time signatures to keep customers automatically protected. Its continuous monitoring with IPS/IDS of all activities identifies and contain threats.
The firewall has become more than an angry, brick-faced box with a long list of permit and deny statements. What I learned once has become so much more than a single device on your network. We have seen many iterations of a device sitting on your network’s edge. Today, NGFWs work diligently combining the best technology with enabled services to always be one step ahead of exploiters.
Aaron Coons is the Client Support Lead Engineer for ABS and joined the family in 2010. He leads the team in providing technical support while monitoring and maintaining the health of our client’s networks. Before making his way to ABS, Aaron graduated from the University of Maryland in 2004 with an Associate in General Studies and then went on to earn an Associate in Computer Information Systems in 2007 from the University of Akron; he finally rounded out his education by earning his Bachelor of Science in Computer Information Systems in 2008. In 2019, Aaron was promoted to Engineering Lead, where he oversees all Client Support engineers.