Security Policy Management with
Professor Wool

Next Generation Firewalls

Next Generation Firewalls (NGFWs) with Professor Wool is a whiteboard-style series of lessons that examine some of the challenges of, and provide technical tips for, managing security policies on NGFWs across evolving enterprise networks and data centers.

Lesson 1

Next-Generation Firewalls: Overview of Application and User-Aware Policies

In this lesson, Professor Wool examines next-generation firewalls and the granular capabilities they provide for improved control over applications and users.

Lesson 2

NGFWs – Whitelisting & Blacklisting Policy Considerations

In this lesson, Professor Wool examines the pros and cons of whitelisting and blacklisting policies and offers some recommendations on policy considerations.

Lesson 3

Managing Your Security Policy in a Mixed Next Gen and Traditional Firewall Environment

Next generation firewalls (NGFWs) allow you to manage security policies with much greater granularity, based on specific applications and users, which provides much greater control over the traffic you want to allow or deny. Today, NGFWs are usually deployed alongside traditional firewalls. Therefore, change requests need to be written using each firewall type’s specific terminology: application names and default ports for NGFWs, and actual protocols and ports for traditional firewalls. This new lesson explains some of the challenges of writing firewall rules for a mixed firewall environment, and how to address them.

Lesson 4

Using Next Generation Firewalls for Cyber Threat Prevention

As part of the blacklisting approach to application security, most NGFW vendors now offer their customers a subscription-based service that provides periodic updates to firewall definitions and signatures for a great number of applications, especially the malicious ones. In this lesson, Professor Wool discusses the pros and cons of this offering for cyber threat prevention. He also discusses the limitations of this service when home-grown applications are deployed in the enterprise, and provides a recommendation on how to solve this problem.

