Sunday, April 10, 2016

Evolution of Firewalls : From Packet Filters to Next Generation of Firewalls

A Firewall is a network security system which monitors the inbound and outbound network traffic of a system and filters them as per some predetermined rules. It can be implemented as a hardware or as a software. If configured properly, a Firewall can prevent network intrusions up to a great extent.

First Generation of Firewalls : The Packet Filters

This type of Firewalls was first developed in 1980's. They mainly monitor network addresses and ports of inbound and outbound network traffic, and filter them as per some predetermined rules.

They store no information on connection state. Instead, they inspect source IP addresses, destination IP addresses, source and destination ports and protocols like TCP, UDP etc to filer the traffic.

This type of Firewalls mainly work in first three layers of the OSI model – the physical layer, the network layer and the transport layer to see the source and destination ports. And, as the Packet Filters do not store any information on the connection state, they cannot filter traffic depending on whether a particular network packet is part of an existing stream of traffic.

Second Generation of Firewalls : The Stateful Filters

This type of Firewalls was first developed in early 1990's. They retain the network packets until it gets enough information on the connection state of the packet. They determine whether a packet is part of an existing connection or not part of any connection and filters the traffic as per that.

Second Generation Firewalls can operate up to layer 4 of the OSI model, so that they can do stateful packet inspection.

Third Generation of Firewalls : The Application Layer Firewalls

This type of Firewalls was first developed in mid-1990's. Till now Firewalls were able to filter traffic based on IP addresses, ports or connection state, but they were unable to understand application layer protocols like HTTP, FTP, DNS. As a result, they were unable to detect whether an unwanted protocol is trying to bypass the firewall in an allowed port or any protocol is getting abused. The Application Layer Firewalls can monitor and understand certain application layer protocols and filter traffic as per that.

The Next Generation of Firewalls : Deep Packet Inspection

A Next Generation Firewall or NGFW is a recently developed integrated network platform that combines a traditional firewall with other security system functionalities like an application firewall, Intrusion Prevention System or IPS, SSL/SSH interception, QoS/bandwidth management, malware inspection etc. An NGFW includes the typical functionalities of a traditional firewall, yet it is much more powerful than a traditional firewall in detecting and preventing attacks and enforcing security.

An NGFW uses Deep Packet Inspection or DPI using which it can examine the data part of the network packets and search for protocol non-compliance, virus, spam, intrusions and other statistical information to filter the traffic and enforce security in a better way.

And, as an NGFW integrates multiple security technologies in an efficient manner, it has several advantages over the traditional Firewalls. It reduces administrative cost, can detect malware concealed in encrypted SSL/SSH traffic, can associate network traffic to users, and improves network throughput.

The Firewall technology emerged first in 1980's, and since then the technology improved a lot. Now it has become almost inevitable in network security. This article just gives a brief history on Firewall technology. Hope you liked it.

1 comment: