Thursday, April 7, 2016

Next Generation Firewall or NGFW


A Next Generation Firewall or NGFW is an integrated network platform that combines a traditional firewall with other security system functionalities like an application firewall, Intrusion Prevention System or IPS, SSL/SSH interception, QoS/bandwidth management, malware inspection etc. An NGFW includes the typical functionalities of a traditional firewall, yet it is much more powerful than a traditional firewall in detecting and preventing attacks and enforcing security.

Traditional Firewall and how it works

A traditional firewall monitors incoming and outgoing network packets of a system and prevents unauthorized access depending on some pre-configured rules.

A traditional firewall filters traffic mainly on the following parameters:

  • Source IP address and destination IP address of the network packets.
  • Source port and destination port of the inbound and outbound traffic.
  • Current stage of connection.
  • Per-process filtering rules.
  • Protocols used.
  • Routing features.
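To make the list above concrete, here is an added example (not code from the original post) of a minimal stateful packet filter in Python. It matches packets on the source/destination address, protocol and destination port from an ordered rule list, and tracks the stage of each connection so that reply traffic is accepted while out-of-state TCP packets are dropped. The rules, addresses and packets are constructed for the example; note that a rule such as "allow TCP to port 443" accepts whatever happens to run on that port, which is exactly the gap the rest of the article says an NGFW closes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP packet with SYN set and ACK clear: a new connection attempt


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int]    # None matches any destination port
    action: str             # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        # Only addresses, protocol and port are consulted: the payload is never looked at
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net)
                and pkt.proto == self.proto
                and (self.dport is None or pkt.dport == self.dport))


class StatefulFilter:
    """First-match rule evaluation plus a connection table for return traffic."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.conns = set()  # 5-tuples (src, dst, proto, sport, dport) of allowed connections

    def handle(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        # Stage-of-connection check: packets belonging to a known connection pass
        if forward in self.conns or reverse in self.conns:
            return "allow (established)"
        # A TCP packet that is not a SYN and matches no known connection is out of state
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny (no state)"
        # Otherwise this is a new connection: consult the rules in order, first match wins
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.conns.add(forward)
                return rule.action
        return "deny (default)"


# Constructed rule set: internal hosts (10.0.0.0/8) may reach any HTTPS port,
# may SSH only to 10.0.0.5, and outbound DNS over UDP is blocked.
RULES = [
    Rule("10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "allow"),
    Rule("10.0.0.0/8", "10.0.0.5/32", "tcp", 22, "allow"),
    Rule("0.0.0.0/0", "0.0.0.0/0", "udp", 53, "deny"),
]


def demo():
    """Run a constructed packet sequence through the filter and return the decisions."""
    fw = StatefulFilter(RULES)
    pkts = [
        Packet("10.0.0.7", "203.0.113.10", "tcp", 51000, 443, syn=True),   # new HTTPS connection
        Packet("203.0.113.10", "10.0.0.7", "tcp", 443, 51000),             # server reply
        Packet("10.0.0.7", "10.0.0.5", "tcp", 51001, 22, syn=True),        # SSH to the permitted host
        Packet("10.0.0.7", "10.0.0.9", "tcp", 51002, 22, syn=True),        # SSH to another host
        Packet("203.0.113.10", "10.0.0.7", "tcp", 4444, 51000),            # stray non-SYN, no state
        Packet("10.0.0.7", "203.0.113.10", "udp", 51003, 53),              # outbound DNS
        Packet("10.0.0.7", "203.0.113.10", "udp", 51003, 123),             # NTP, no rule
    ]
    return [fw.handle(p) for p in pkts]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The first packet is admitted purely because its destination port is 443; the filter has no way to tell whether the connection carries HTTPS, SSH or a tunnel, which is why the article goes on to describe per-application filtering.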

So, though a traditional firewall is good at enforcing security, it is not sufficient. One has to rely on other security solutions like IPS, anti-malware products, content filtering packages etc. to ensure proper security.

The disadvantage of using different network security technologies separately is that it increases administrative cost and degrades network performance. An NGFW combines multiple network security technologies to provide a better security mechanism while taking care of most of the disadvantages of using separate security solutions at the same time.

Next Generation Firewalls

An NGFW typically includes:

  • Intrusion Prevention System
  • Malware protection
  • Per-application traffic filtering
  • QoS or Quality of Service to guarantee network throughput
  • VPN
  • SSL/SSH interception

An NGFW uses Deep Packet Inspection (DPI), which lets it examine the data part of network packets and search for protocol non-compliance, viruses, spam, intrusions and other statistical information, so that it can filter traffic and enforce security more effectively.

An NGFW can monitor and filter traffic on a per-application basis instead of a per-port basis, which enables it to troubleshoot network problems more effectively. It can also associate network traffic with a specific user or group of users, which helps in enforcing better acceptable-use policies.

An NGFW can intercept encrypted SSL and SSH traffic to look for any malicious traffic concealed in it. This enables it to detect advanced threats and attacks.

And, as an NGFW integrates multiple security technologies in an efficient manner, it improves network performance compared to using different security technologies separately.

Advantages of Next Generation Firewalls

An NGFW has a number of advantages over traditional firewalls. Some of the most important ones are listed below:

Lower Administrative Cost

In an NGFW, all the above-mentioned security technologies are installed and configured as a unit. As a result, it reduces administrative cost significantly.

Easier to identify threats

An NGFW monitors the network traffic and reports all the events through a single reporting system, which is much more convenient than using different security technologies separately.

Inspection of SSL/SSH traffic

Malware can be concealed in an encrypted SSL/SSH communication. For example, botnets and Advanced Persistent Threats often create SSL tunnels and communicate with the attackers through them. But traditional firewalls cannot decrypt SSL/SSH traffic, and attackers take advantage of that to carry out attacks.

An NGFW can decrypt and inspect SSL/SSH traffic using Deep Packet Inspection and filter network traffic based on what it finds.

Filtering based on application

Traditional firewalls can filter traffic based on port, but that may prove to be inconvenient at times.

An NGFW can classify traffic by application, which enables it to block or monitor network traffic per application and troubleshoot problems on that basis.

Identifying network traffic by users

Traditional firewalls cannot associate network traffic to users easily. One has to laboriously look at the log files for that purpose.

But, as an NGFW can easily associate network traffic with specific users, it helps in enforcing better acceptable-use policies.

For example, in a company, the marketing and Human Resources groups may need to access some social networking sites, but others need not. Using an NGFW one can easily set a proper acceptable-use policy for that purpose.

Similarly, a company may allow its employees to access some social networking sites to make posts or comments, but may not allow them to play games. Using an NGFW the company can set the required policies easily.
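The two sections above (filtering based on application, and identifying traffic by users) are illustrated here by an added Python example that is not part of the original post. It identifies the application from the first bytes of a flow's payload rather than from the port, looks the destination host up in a URL-category table, and then applies an acceptable-use policy keyed on the user's group, following the article's marketing/HR social-networking example. The user-to-group mapping, the site categories, the policies and the sample payloads are all constructed for the example; a real NGFW would take the first from a directory service and the second from a vendor feed. Only plaintext HTTP and SSH are recognised here, since recognising the content of encrypted flows needs the SSL/SSH interception the article describes separately.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Constructed sample data (stand-ins for a directory lookup and a URL-category feed)
USER_GROUPS: Dict[str, str] = {"alice": "marketing", "bob": "hr", "carol": "engineering"}
SITE_CATEGORIES: Dict[str, str] = {
    "social.example": "social-networking",
    "games.example": "games",
    "intranet.example": "business",
}

HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")


def identify_app(payload: bytes) -> Tuple[str, Optional[str]]:
    """Classify a flow by the start of its payload, independent of the port it uses.

    Returns (application, hostname); the hostname is only known for HTTP.
    """
    if payload.startswith(b"SSH-"):          # SSH identification string, RFC 4253
        return "ssh", None
    head, _, _ = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if HTTP_REQUEST_LINE.match(lines[0]):
        host = None
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                # Drop an explicit port suffix such as "intranet.example:8080"
                host = value.strip().decode("ascii", "replace").split(":")[0]
        return "http", host
    return "unknown", None


@dataclass(frozen=True)
class Policy:
    groups: Optional[Set[str]]   # None means the policy applies to every user
    category: str
    action: str                  # "allow" or "deny"


# Acceptable-use policy from the article's example: marketing and HR may use
# social-networking sites, nobody may play games, everyone may reach business sites.
POLICIES = [
    Policy({"marketing", "hr"}, "social-networking", "allow"),
    Policy(None, "games", "deny"),
    Policy(None, "social-networking", "deny"),
    Policy(None, "business", "allow"),
]


def decide(user: str, dport: int, payload: bytes) -> Dict[str, object]:
    """Return the policy decision for one flow together with how it was classified."""
    app, host = identify_app(payload)
    # The category comes from the hostname when there is one, otherwise from the application
    category = SITE_CATEGORIES.get(host, "uncategorized") if host else app
    group = USER_GROUPS.get(user, "unknown")
    action = "deny"              # default: anything not explicitly allowed is blocked
    for policy in POLICIES:      # first matching policy wins
        if policy.category == category and (policy.groups is None or group in policy.groups):
            action = policy.action
            break
    return {"user": user, "group": group, "dport": dport, "app": app,
            "host": host, "category": category, "action": action}


def demo():
    """Evaluate a few constructed flows and return the decisions."""
    social = b"POST /post HTTP/1.1\r\nHost: social.example\r\nContent-Length: 0\r\n\r\n"
    games = b"GET /play HTTP/1.1\r\nHost: games.example\r\n\r\n"
    intranet = b"GET / HTTP/1.1\r\nHost: intranet.example:8080\r\n\r\n"
    ssh_on_443 = b"SSH-2.0-OpenSSH_7.2\r\n"   # SSH hiding on the HTTPS port
    return [
        decide("alice", 80, social),        # marketing: allowed on social sites
        decide("carol", 80, social),        # engineering: denied
        decide("bob", 80, games),           # games denied for everyone
        decide("carol", 8080, intranet),    # business site on a non-standard port: allowed
        decide("carol", 443, ssh_on_443),   # identified as ssh, not https: no policy, denied
    ]


if __name__ == "__main__":
    for d in demo():
        print(f'{d["user"]:6} {d["group"]:12} port {d["dport"]:<5} {d["app"]:8} '
              f'{d["category"]:18} -> {d["action"]}')
```

The last flow shows the difference from a port-based filter: on port 443 it would have been accepted as HTTPS, whereas payload inspection classifies it as SSH and the user-group policy then decides on that basis.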

Improved Network Performance

Using different network security technologies separately often degrades network performance. Administrators often respond by disabling monitoring of certain ports, disabling some firewall rules or limiting Deep Packet Inspection, all of which compromise network security.

But, as an NGFW integrates multiple network technologies together efficiently, it improves network throughput without having to trade off security for performance.
