Detecting and protecting software
The introduction of the Firewall came in the late 80’s proceeding the widespread adoption of the internet as we know it today. These devices were essentially basic ‘Packet filters’ that would filter communications according to a set of pre-determined rules.
By the early 90’s AT&T Bell Labs had developed a 2nd generation of Firewalls capable of ‘Stateful’ packet inspection. This allowed all connections to be monitored & determined as to their point of origin, allowing for an expansion of filtering/blocking based upon this criteria.
In the mid 90’s the 3rd generation of Firewalls had now been developed to include ‘Application layer’ filtering. This new generation of device could now understand certain applications & protocols (such as FTP, DNS, or HTTP), allowing these devices to detect if an unwanted application or service was attempting to bypass the Firewall by using a protocol on an allowed port. This is sometimes referred to as an Intrusion Prevention Service (IPS).
Around 2012 this 3rd generation of device had been enhanced & refined to a point which allowed a much wider or deeper functionality (Deep Packet Inspection) to form the basis of what we now refer to as NGFW Next Generation Firewalls.
Buying a Firewall, what to consider?
Platform type: How are your firewalling services to be provided?
Is an on-site hardware appliance required (traditionally favoured), or a Cloud based software device?
Features: What do I actually need?
Firewalls have developed to the point of being able to incorporate many software based enhancements above and beyond the remit of packet & layer inspection. These enhancements can include such features as Gateway Antivirus (GAV), Reputation Enabled Defence (RED), and Data Loss Prevention (DLP). The latest UTM (Unified Threat Management) devices are capable of running all of these additional services from a single device, usually under a single management being preferred.
Manageability: Ease of use.
The birth of NGFW and UTM Firewalls has meant there has been an exponential growth of the complexities surrounding network security. Many vendors can supply all, some, or variations of the same basic features across their product ranges. What distinguishes them is how easy it is to manage all of these features, with the ‘Single pane’management panel.
Performance: Will it do the job?
Because NGFW & UTM devices can incorporate so many features into a single device, it makes them an attractive option for many organisations. The pay-off to this amalgamation of features though, is that each one will have its own degrading effect on the performance of that device. How severe that degradation is varies wildly across vendors & products, so the key is to always look at the NGFW/UTM performance (all services switched on) opposed to the usually circulated ‘Firewall’ performance which is the device running with no feature sets enabled.
Price: How much will it cost me?
With so many options of vendors, devices, & feature sets available it is not possible to determine a set price, as each install is essentially bespoke to that customer’s requirements. Sticking to a known brand & engaging with the distributor/vendor to discuss each install is the best way to ensuring that the customer requirements are met.
Northamber is proud to have been partnered with WatchGuard Technologies a multi award winning security company for the past 17 years, to provide Enterprise grade firewalling technology to the SMB marketplace. For more information or to discuss your Firewall requirements, contact the WatchGuard team at Northamber…