
The Firewall: From Past to Present… and Beyond

The firewall – it’s been around since the dawn of the commercial internet, but it has been and remains a vital layer in the network security defense.


There has been recent discussion about its place in the network today, but as with any technology that stays viable in new times, the firewall has evolved. Let’s take a quick trip back in time to understand how far the firewall has come and then fast-forward to what we can expect in the future.

• Flashback to early 1990: The first generation firewall inspected “packets” transferred between computers on the Internet. Inspections were performed on each packet, looking at the source, destination, port, etc. and primarily only covered the first 3 layers of the OSI model.

• Going one layer up the OSI Model: The firewall’s next step was moving up to layer 4 in the OSI model and performing stateful inspection. Whereas packet filtering looked at only one packet at a time, with stateful packet inspection, firewalls could retain packets until there was enough information to make a sound yes/no decision. Stateful firewalls are still widely used today, though that is shifting.

• We are currently in the age of firewall acronyms. Firewalls have picked up more capabilities, and more marketing buzzwords!

o UTM – Unified Threat Protection. It’s a bird, it’s a plane… no… it’s a firewall… and a whole lot more. UTM devices provide firewall, anti-virus, IPS, etc. – all bundled in one appliance.

o NGFWs – Next-generation firewalls. With Next-Gen firewalls, we get to layer 7 control, as these devices are designed to filter traffic based on application and user as well as by traditional means. NGFWs can additionally integrate IPS into the firewall’s decision to block malicious traffic. Incorporating IPS into the firewall’s decision-making process is just another step in its evolution. There is some debate whether it’s best to have IPS as a standalone or integrated with your firewall, but integration is where we’re heading.
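The difference between first-generation packet filtering and stateful inspection described in the first two bullets above, as an added example that is not part of the original article. It is a simplified model: the addresses, the HTTPS-only policy and the names `stateless_allow`, `StatefulFilter` and `compare` are assumptions made for illustration, and the stateful side is reduced to a connection table keyed on the address/port 4-tuple.

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed internal network for this example

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK

def inside(ip):
    return ip.startswith(INSIDE_PREFIX)

def stateless_allow(pkt):
    """Packet filter: every packet is judged alone, on addresses and ports."""
    if inside(pkt.src) and pkt.dport == 443:
        return True  # outbound HTTPS
    # Replies can only be described as "anything arriving from port 443".
    return inside(pkt.dst) and pkt.sport == 443

class StatefulFilter:
    """Tracks connections opened from inside; admits only their replies."""
    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if inside(pkt.src) and pkt.dport == 443:
            if pkt.flags == "S":
                self.connections.add(flow)  # new outbound connection
            return flow in self.connections
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.connections

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),    # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # server reply
    Packet("198.51.100.7", 443, "10.0.0.9", 22, "S"),       # unsolicited inbound
    Packet("203.0.113.10", 443, "10.0.0.5", 50001, "A"),    # no matching flow
]

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, verdict)
```

The last two packets pass the stateless rule because it can only match on source port, while the stateful filter drops them because no inside host opened a matching connection.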

Sidenote: I recently participated on a panel discussing the current state of the firewall, which was moderated by Mike Rothman of Securosis and included Pankil Vyas of GM, Patrick Bedwell of Fortinet and Ryan Liles of NSS Labs.


One of the questions from the audience was “what’s the difference between a UTM and a NGFW?” To summarize the thoughts from my peers on the panel, it was basically agreed that it’s more semantics than anything else, with small potential differences around performance (UTMs being thought of as more mid-market and NGFWs more for the enterprise).

• Where we go from Next-Generation firewalls and UTMs to next is up for debate, but here are some ideas to consider:

o Further integration of security capabilities. We’ve already seen a lot of integration with UTMs and NGFWs, and we’re getting beyond just throwing more tools on a box and actually integrating the data and capabilities so that decisions are made faster and better. One possible evolution would be to have a SIEM correlate data from the gateway and dynamically adapt the firewall rules to mitigate specific threats – this is still a ways off, I think, but this type of integration will certainly continue as more intelligence and automation are built into and cross-pollinated across these solutions.

o Hypervisor-level firewalls, which inspect and enforce a policy on VM-to-VM traffic. We’re just at the beginning stages of adoption, and hypervisor-level firewalls will not replace dedicated firewalls operating at or near wire speeds, but as organizations begin to mix workloads with different security requirements on the same physical box, there will be more demand for these firewalls.

o Cloud-based firewalls. Spinning up servers on Amazon or Rackspace? What about managing the security policy of those servers? We are starting to see emerging technology that offers security in the cloud that matches the elastic and dynamic nature of cloud environments.

o I think the way firewalls and their policies are managed will also change. It’s already underway. It’s one thing to manage all of the rules that allow traffic to be filtered at different points in the network and based on different criteria, but at the end of the day a firewall is there to allow or block traffic.

With networks becoming increasingly complex, and with these allow/block decisions impacting many stakeholders, instead of looking at these devices from strictly a firewall/security perspective, I believe that at least in large organizations we’ll start to see more decisions made from the perspective of a business application. By business application I mean, for example, a credit card processing service that is vital for an ecommerce company to run and make money. If a firewall rule is preventing the application from working or slowing down its performance, the company suffers. It’s a new way of looking at how firewalls are managed and it’s evolving… stay tuned!

I hope you enjoyed this journey down the firewall memory lane and a look into the crystal glass of what is possible down the road. I want to make sure it’s clear that firewalls are here to stay; it’s just that the firewall as we’ve known it is changing. What was considered a firewall is now much more, and while names may get fuzzy with deeper levels of integration, the firewall’s place in the network is cemented.
