The Evolution of Firewall

Remember firewalls? They're simply a standard part of the overall security fabric now—analogous to XML in networks—but they've never gone away. The firewall has been around since the earliest days of network security. For a long time, they were the last line of defense in a network. However, with changing types of threats, ever-growing numbers of bad guys—and, in fact, organizations and countries—that are up to no good, and general IT advances, there has been increasing discussion about the firewall's place in the network. Is a firewall still relevant in an age in which almost any security measure can be bypassed in a workaround? eWEEK and security policy management provider AlgoSec outline some major milestones in the history of the firewall, beginning from its early days as a proxy to packet filtering and continuing to next-generation firewalls (NGFWs), which include cloud-based versions. In addition, this slide show will present predictions on how the firewall and firewall management are likely to evolve.

Introduction

Firewalls are computer security systems that protect your office/home PCs or your network from intruders, hackers & malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of the computer users, Firewalls provide you with the necessary safety and protection.

What exactly are firewalls?

Firewalls are software programs or hardware devices that filter the traffic that flows into you PC or your network through a internet connection. They sift through the data flow & block that which they deem (based on how & for what you have tuned the firewall) harmful to your network or computer system.

When connected to the internet, even a standalone PC or a network of interconnected computers make easy targets for malicious software & unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.

How do they work?

Firewalls are setup at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These Rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer owners/administrators immense control over the traffic that flows in & out of their systems or networks.

Rules will decide who can connect to the internet, what kind of connections can be made, which or what kind of files can be transmitted in out. Basically all traffic in & out can be watched and controlled thus giving the firewall installer a high level of security & protection.

Firewall logic

Firewalls use 3 types of filtering mechanisms:

Packet filtering or packet purity

Data flow consists of packets of information and firewalls analyze these packets to sniff out offensive or unwanted packets depending on what you have defined as unwanted packets.

Proxy

Firewalls in this case assume the role of a recipient & in turn sends it to the node that has requested the information & vice versa.

Inspection

In this case Firewalls instead of sifting through all of the information in the packets, mark key features in all outgoing requests & check for the same matching characteristics in the inflow to decide if it relevant information that is coming through.

Firewall Rules

Firewalls rules can be customized as per your needs, requirements & security threat levels. You can create or disable firewall filter rules based on such conditions as:

IP Addresses

Blocking off a certain IP address or a range of IP addresses, which you think are predatory. What is my IP address? Where is an IP address located?

Domain names

You can only allow certain specific domain names to access your systems/servers or allow access to only some specified types of domain names or domain name extension like .edu or .mil.

Protocols

A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP,ICMP,Telnet or SNMP.

Ports

Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see it used for & also close down possible entry points for hackers or malignant software.

Keywords

Firewalls also can sift through the data flow for a match of the keywords or phrases to block out offensive or unwanted data from flowing in.

Types of Firewall

Software firewalls

New generation Operating systems come with built in firewalls or you can buy a firewall software for the computer that accesses the internet or acts as the gateway to your home network.

Hardware firewalls

Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or computers on your network connect to this router & access the web.

The Evolution of Firewall Types in Network Security

Access Control Lists (ACLs) were early firewalls implemented, typically on routers. They are useful for scalability and performance, but can't read more than packet headers, which provide only rudimentary information about the traffic.

Proxy firewalls process incoming network traffic by impersonating the intended recipient. Proxy firewalls send information to destination computers after inspection and only if it decides to authorize access. This computer’s response is sent to the proxy, which passes the data with the origin address of the proxy server. The proxy firewall through this process, brokers connections between two computers, which means it's the one and only machine on the network talking to the outside world.

Stateful inspection firewalls were the next major evolutionary step. They classify and track the state of traffic by monitoring all connection interactions until a connection is closed.

Unified Threat Management (UTM) solutions consolidate stateful inspection firewalls, antivirus, and IPS to a single appliance. They are also generally understood to include many other network security capabilities.

Next-generation firewalls (NGFWs) were created to respond to increasing capabilities of malware and applications. This is where Palo Alto Networks' platform comes in; We bring together the key network security functions, including advanced firewall, IPS/IDS, URL filtering and threat protection. Our NGFW solution ensures better security than legacy firewalls, UTMs, or point threat detection products, as these functions are engineered into the product from the start and share important information across disciplines.

Generations of firewalls

First generation firewalls: Packet Filtering

Definition: [`pakit] A packet is one unit of binary data capable of being routed through a computer network. (Thank you About.com)

Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports. Packet filtering is also known as static filtering. As most routing devices have integrated filtering capabilities, packet filtering is considered a standard and cost-effective means of data security.

Second generation firewalls: Stateful Filtering

Definition: A state table holds entries that represent all the communication sessions of which the device is aware. (Thank you Pearson Higher Education)

Stateful Filtering firewalls examine packets to see if the inspected packet matches an existing firewall rule that permits it. If so, the packet is passed and an entry is added to a state table. From that point forward, because the packets in that particular communication session match an existing state table entry, they are allowed access without the need for further inspection. Certain Digital Denial of Service (DDoS) attacks bombard the firewall with thousands of fake connection packets in an attempt to overwhelm it by filling its connection state memory.

Third generation firewalls: Application Layer Filtering

This advanced device offers protection by controlling the execution of files or the handling of data by specific applications. An application firewall prevents the execution of programs which have been tampered with. Thus, even though an intruder might get into a computer, the application firewall does not allow any suspected malicious code to execute.

So where did we go from here? We’ll elaborate the next evolutionary steps firewalls took in our next blog post, so stay tuned.