As we’ve entered a New Year and we look back at the events of the past year, I thought it would be interesting to examine the firewall from its beginning and how it’s evolved. We’ll review the transformation of the firewall and how multiple services have been bundled into today’s modern NGFW, as well as a few trends of where the firewall may be going in the future. So let’s all pile into my DeLorean and take a trip through time.
After pushing the dial back to the early 1990s, we find the firewall a much more primitive piece of technology that’s really only just a proxy. We say just a proxy, but back in the day this was a sophisticated piece of technology. The proxies of this early time were normally pushed to the perimeter of a network and used to, wait for it, yup… proxy traffic to resources within the internal network. It was here that traffic could be filtered and shaped to certain resources. There were also packet filters that could be run on servers that inspected traffic coming into the network. Here’s where you’d create security policies, in effect rudimentary rulebases that did packet filtering based on the 5-tuple attributes of TCP/IP: Source IP, Source Port, Destination IP, Destination Port, Protocol (we’ll talk more about tuples later).
As security needs and capabilities began to expand within the network, and firewalls performing stateful inspection first became commercially available, the firewall started its march into the enterprise as a staple of network security…
UTM becomes the Latest Buzzword
Today we’re seeing more than just stateful packet inspection on our firewalls. We’re seeing years of evolution from multiple vendors pushing services into what we call a firewall today. We saw the evolution of firewalls a few years back when everyone and their mother were coming out with UTM devices and trying to make the firewall more than a one trick pony. These UTM devices gave you the ability to create SSL VPNs, Anti-virus, IPS, firewalls, etc. – all in one appliance – a long way from our initial proxies we saw just a few years prior. These are still available today, but the evolution of the firewall doesn’t stop here!!
Enterprise Firewall – The Next Generation
Yeah, I realize we’re mixing movies now, but don’t worry, the DeLorean and our flux capacitor are still working and taking us back to current day (and maybe back to the future…). The aptly named Next-Generation Firewall (NGFW) is the current darling in the firewall world. NGFWs take this tuple thing we spoke about earlier and amp it up with even MORE TUPLES. This is a good thing, because the more you can filter on and learn, the greater control you have over traffic within the network.
These NGFWs are not designed to block traffic by just the traditional method; they filter packets based on application and user attributes as well (again – more tuples are better). These NGFWs also don’t just have an IPS as a bolt-on service, as the UTM systems do; they integrate that code completely into the firewall’s decision so that it can block malicious traffic as well. Many people are calling for the death of IPS, but I don’t particularly see it that way. The IPS will continue to be a standalone appliance for some time. Having the ability to incorporate its capability into the firewall’s decision-making process is just another step in its evolution.
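To make the “more tuples” point concrete, here is an added example (my own illustration, not code from the post or from any firewall vendor) of a first-match rulebase: the classic 5-tuple rule from the early packet filters, and an NGFW-style rulebase that also consults application and user labels. The addresses, application names (“ssh-over-443”, “web-browsing”) and user names are constructed for the illustration; a real NGFW gets those labels from its application-identification and identity engines.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed example: one flow record carrying the classic 5-tuple plus the
# two extra attributes (application, user) that an NGFW adds to the decision.
@dataclass
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str                  # "tcp" or "udp"
    app: Optional[str] = None   # label from application identification (assumed)
    user: Optional[str] = None  # label from identity integration (assumed)

@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; default matches any source
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None  # None means "don't care"
    proto: Optional[str] = None
    app: Optional[str] = None       # extra tuples: None means "don't care"
    user: Optional[str] = None

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src_ip) in ip_network(self.src)
                and ip_address(f.dst_ip) in ip_network(self.dst)
                and self.dst_port in (None, f.dst_port)
                and self.proto in (None, f.proto)
                and self.app in (None, f.app)
                and self.user in (None, f.user))

def evaluate(rules: List[Rule], flow: Flow, default: str = "deny") -> str:
    """First matching rule wins; the implicit default applies if nothing matches."""
    for r in rules:
        if r.matches(flow):
            return r.action
    return default

# Classic 5-tuple rulebase: anything from the LAN to TCP/443 is allowed.
CLASSIC = [Rule("allow", src="10.0.0.0/8", dst_port=443, proto="tcp")]

# NGFW rulebase: same port, but the verdict also depends on app and user.
NGFW = [
    Rule("deny",  src="10.0.0.0/8", dst_port=443, proto="tcp", app="ssh-over-443"),
    Rule("allow", src="10.0.0.0/8", dst_port=443, proto="tcp", app="web-browsing", user="alice"),
]

# Constructed flow: SSH tunnelled over port 443, which app-id labels "ssh-over-443".
TUNNEL = Flow("10.1.2.3", 51000, "203.0.113.10", 443, "tcp", app="ssh-over-443", user="alice")
```

The port-only rulebase allows the tunnelled flow because it looks like HTTPS, while the NGFW rulebase denies it on the application label and would also deny a web-browsing flow from a user the policy does not name.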
To Infinity and Beyond
Yup, switching movie references again… So now that we’ve seen firewalls evolve from simple packet filters and proxies to NGFWs that can filter on user and application traffic… what’s next? Over the next few years I think we’ll see a major trend of firewalls becoming much more virtual instead of being a static appliance on your network. With the rise of Software Defined Networking (SDN) and virtualization, I think a flexible version of the firewall will be able to move through the network and filter at different layers of your enterprise. Also, with cloud computing and mobile devices growing at an incredible rate, we might see more cloud-based firewalls that become more specialised by service, like web application firewalls (WAFs).
With the firewall as the original security device in the network, it’s only fair that this device or software will continue to get a face lift every couple of years to keep up with the increasing threat from attackers. Many people have called the firewall dead or useless, and this is simply not true. Older versions of the firewall, circa 1991, are dead, but the firewall is evolving and fitting the needs of its time. I for one am very interested to see where the firewall will go next. Unfortunately for me, my flux capacitor was fried and I’ll have to wait and see with the rest of you.