The network firewall is the first line of defense for traffic that passes in and out of a network. The firewall examines traffic to ensure it meets the security requirements set by the organization, and unauthorized access attempts are blocked.
The intention behind network firewalls is that they filter internet transmissions so that only traffic that belongs is allowed into an organization. Decisions are based on pre-set rules or policies. Like many areas of technology, firewalls have evolved greatly over time and are more sophisticated in terms of efficacy as well as flexibility of deployment. For example, they have developed the ability to be deployed in completely virtual environments to protect data transferred to and from the cloud or to protect remote branches.
Types of network firewalls
IP communications are still defined by a handful of factors, such as source and destination IP addresses, protocols, ports and URLs, so packet filtering remains at the core of firewall defense and is the best first line of defense for an organization’s network.
The main types of firewalls are:
- Packet filtering firewalls: An early type of firewall security that relied on packet characteristics like source and destination IP address, port and protocol of individual packets to determine if the packet should be allowed through or dropped.
- Stateful inspection firewalls: This form of firewall protection added the capability to look at packets that belong to one complete session. Once a session is established, the source and destination are allowed to communicate without the need to look at subsequent packets in that session.
- Application layer firewalls: These network security firewalls examine packet-level information and application-layer information such as the URL of the HTTP request.
- Next-generation firewalls: The latest firewall technology adds so many capabilities that it merits its own section below.
Gartner defines a next-generation firewall (NGFW) as a deep-packet inspection tool that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention and intelligence from outside the firewall. This is not to be confused with a network intrusion prevention system (IPS), which typically includes either a basic commodity firewall or consists of an appliance containing a poorly integrated firewall and IPS.
Some next-generation firewalls can perform full-packet inspection on encrypted traffic. Additionally, they can apply application-specific and user-specific security policies. This helps protect against threats, manages how network bandwidth is allocated and maintains appropriate access controls. Some NGFWs may also prevent malware from getting into the network. “Advanced firewalls can detect intrusion attempts, user identity and application control, in addition to simply identifying unauthorized traffic access,” said Maniar.
Next-generation firewalls, then, are regular network firewalls with additional capabilities that allow them to do more than static filtering of traffic. They inspect at the application layer and can perform SSL traffic inspection, intrusion prevention and other prevention techniques. They can be deployed at the perimeter, inside the network as core firewalls to segment traffic, and also within a host to protect virtual workloads.
But network security firewalls, no matter how advanced or next-gen, won’t stop everything. They generally don’t detect and stop threats that have entered a network via social engineering, insider threats, email or Bring Your Own Device (BYOD). Other security tools are required to take care of that side of the equation.
Yet some vendors have begun to integrate these features into their firewall products. Whether these tools can validly be termed “firewalls” is a matter of debate. But the reality is that the combination of traditional firewall technology with the latest security techniques provides a formidable obstacle for cyber criminals.
Examples of common endpoints in the workplace include:
Network firewall hardware and software
Firewalls were originally hardware-based before software-based firewalls arrived on the scene. Some vendors insist software firewalls can now perform and scale similarly to their hardware-native counterparts for most use cases. They concede that the only real exceptions may be the largest and most demanding environments, which may require a heavy-duty hardware firewall.
Others say that software firewalls are only for home users and personal devices. Hardware firewalls, on the other hand, can protect the entire network, whether it is the home network, a small branch, an enterprise or a large service provider.
The common denominator of all these viewpoints is that the firewall of today is quite different from those of a decade ago. How different, though, depends on the vendor’s technology emphasis. The various software and hardware camps make liberal use of terminology such as virtual firewall and virtual appliances. Thus virtualization has blurred the lines between what were once quite distinct software- and hardware-based firewalls.
Next-generation firewall solutions
Gartner analyst Adam Hils said next-generation vendors can be differentiated based on feature strengths. Each has its own take on what next generation means.
“Buyers must consider the trade-offs between best-of-breed function and costs,” said Hils.
Gartner added that less than 50% of enterprise internet connections today are secured using next-generation firewalls. By year-end 2019, however, this is expected to rise to 90% of the installed base. Understandably, there are many vendors seeking to exploit this surge in the firewall market. Here are a few of the candidates which fared well in the most recent Gartner next-generation firewall Magic Quadrant.
Juniper Networks offers a portfolio of network firewalls that can service mid-size enterprises, large enterprises, service providers in a private or public cloud, and hybrid environments. Juniper’s Software-Defined Secure Network (SDSN) runs the JUNOS operating system, which provides uniform administration across its hardware-based and software firewalls.
Palo Alto Networks claims that some firewalls masquerade as next-generation firewalls by tacking deep inspection modules onto traditional port- and protocol-based architectures. It characterizes its own offering as a true NGFW that natively classifies all traffic based on applications, users and content.
Barracuda Networks NextGen Firewalls allow users to regulate application usage and prioritize network traffic with features like link balancing and WAN optimization. They can be deployed in cloud, virtual, and on-premises scenarios. This includes small remote offices, a single desktop, or a large campus. They can defend against: intrusion attempts and exploit patterns at the network layer; unauthorized access control attempts; DoS and DDoS attacks; malware such as viruses, worms and Trojans; and advanced threats such as backdoor attacks or covert phone home activity from botnets, as well as blocking access to unwanted websites and servers via web filtering, said Gheri.
Check Point Software’s firewall gateway can be augmented via subscriptions to provide advanced malware protection and multiple threat intelligence feeds. Its firewall can support public clouds such as Amazon Web Services and Microsoft Azure. It also integrates with VMware NSX and Cisco Application Centric Infrastructure.
Emerging and advanced threats
There are some very serious threats facing networks. Data breaches and ransomware, for example, are two of the biggest concerns for any organization. Exploit kits are another major infection vector wreaking havoc on enterprises. Symantec’s research shows that on average, there are more than one million new malware variants created by attackers each day, and much of this malware uses a number of both new and known techniques to infiltrate the endpoint using email, browser, applications and devices as the entry point.
Endpoint encryption and access controls
Endpoint encryption is a critical layer of endpoint security. Encryption protects the data on the devices themselves and during transmission, keeping outside actors from being able to copy or otherwise transfer that information. Full disk encryption is even more effective, as it encrypts the entire hard drive, protecting not just the data but the operating system and applications too. In this case, the encryption key is required at the boot up stage, and once applied, the system will decrypt enough to run normally.
Another data protection control is application controls, which prevent unauthorized users from executing applications on the endpoint device. Not only does this protect the endpoint from outsiders taking over applications, but it can control what authorized users of the device can download or access. It also protects the network from potential data threats from departing employees with the ability to lock them from enterprise applications.
A VPN is another critical endpoint protection tool that organizations should be using.
Endpoint protection steps
- Remove/manage administrative accounts on endpoints: Regular users do not need administrative rights to do their everyday jobs. For those applications that require administrative rights, the organization can implement an application control solution that can provide administrative rights to those approved programs that require them. Removing administrative access on the endpoint can mitigate much of the damage that an attacker can cause if they are able to compromise that endpoint.
- Keep systems patched and up to date: Vulnerabilities are discovered all the time, and malicious attackers are keeping a close watch as these vulnerabilities are discovered. If the vulnerability is particularly dangerous, attackers will start sweeping across businesses attempting to find organizations that didn’t patch the vulnerability in order to gain access. Your policy and procedure must enforce keeping systems on the network up to date.
- Implement advanced authentication: Some of the breaches that occurred in 2016 were secondary breaches due to a previous breach. Usually this happens when someone uses the same password across multiple sites and devices. If an employee’s account was compromised in a data breach and they use the same password to log in to their system, then it’s easy to access that system. If the organization implements advanced authentication, the attacker won’t have access to complete authentication abilities, even if the password is stolen.
- Security awareness and training: Continued awareness and training on password, security, and electronic use best practices can go a long way. Unfortunately, an organization cannot rely solely on training, because again, humans make mistakes – and they can easily be the weakest link in a strong security program.
Protecting the endpoint from potential threats
Endpoint monitoring covers the following areas:
- Vulnerability management
- Vulnerability patching
- Sensitive data discovery, which should include data loss prevention (DLP) as well as identification of exfiltration of sensitive or potentially-sensitive data through cloud storage or web-based applications
© Copyrights 2010. All rights reserved. by / L A Technologiesindia.com