What is a Next Generation Firewall?

Articles, Infrastructure | 24 July, 2020

What is a Next Generation Firewall and how can it help keep your network secure?

The phrase ‘next generation firewall’ is increasingly used by security vendors to describe their network security products. However, the precise set of capabilities a firewall must have before it can be called ‘next generation’ is far from universally agreed.

This article will explain how a traditional firewall works, how so-called next generation firewalls generally differ and how the new capabilities these devices bring can enhance your network security.

How do firewalls work?

First created in the late 1980s, a firewall is a device that limits the communication between two different networks (or network segments).

The original firewalls were simple packet filters, able only to manage connections based on IP addresses and TCP/UDP port numbers, and judging every packet in isolation on its header fields alone.  Since TCP services use well-known port numbers by convention (HTTP is on port 80, for example), the firewall could block access to an FTP server simply by not accepting incoming traffic for FTP’s well-known control port, 21.

Technology developed during the 1990s allowed the firewall to track the conversation between specific hosts on either side of it – known as stateful filtering.  A stateful firewall records each connection it has permitted, so that the replies (which return to an ephemeral port chosen by the client) can be allowed without pre-configured rules for every port number the conversation might use.  Around the same time NAT (Network Address Translation) became popular, meaning that when a firewall sat between two different networks, all outbound traffic appeared to come from the firewall itself.  This hid the addressing and structure of the internal network from devices on the internet and, by default, stopped unsolicited inbound connections from reaching internal hosts, which made it a crucial enabler of the growth of internet-connected business networks.

The final evolution of the traditional firewall was the application layer firewall.  By examining each individual connection rather than only the header of each packet, data flow can be controlled based not just on the server behind the firewall, or the port number conventionally used by a protocol, but on the application protocol actually being spoken on that port: a connection to port 80 that does not carry HTTP can be refused even though the port itself is open.

A very simplified analogy would be to think that a corporate firewall is like the mail room in the basement of a business’s headquarters building.

Basic firewalls can implement rules such as: people can send letters to the accounts department, but not parcels. Or, no-one can send letters to the HR department, but they can send letters out to anyone they like.

More sophisticated firewalls implement allow lists based on the sender’s address found on the back of the envelope. For example, people in the UK can send a letter to the accounts department, but people in Russia cannot.  Or even, the accounts department at Microsoft may send letters to our accounts department, but not anyone who works for Cisco.

The point of the analogy is this – when we consider what a next generation firewall is, it is like the mail room opening and reading every letter and then deciding whether to deliver it or not:  this letter addressed to the CEO reads like it is a scam, put it straight in the bin.

Traditional firewalls are primarily focused on the protocol and addressing information found in the header of each incoming packet.  Their rules control which IP address and port may send to or receive from another IP address, port, protocol or even socket.

A next generation firewall does all this with the header information, but then goes on to read and ‘understand’ the data payload as well, in order to decide whether to allow the transmission to enter or leave the network.
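The three traditional filtering generations above, and the payload check that separates them from next generation inspection, are easiest to see side by side. The following is an added example written for this article, not code from the article itself or from any firewall product: a toy model in which a stateless packet filter, a stateful filter with connection tracking and an application-layer check are applied to the same constructed packets. The addresses, rules, port numbers and the SSH-over-port-80 connection are all assumptions made for illustration.

```python
"""Added example, not code from the original article or any firewall product.
A toy model of the filtering generations described above: a stateless packet
filter (addresses and ports), a stateful filter (connection tracking) and an
application-layer check on the payload. All addresses, rules and packets are
constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str = ""        # "S" = SYN (new connection), "SA" = SYN/ACK, "A" = ACK
    payload: bytes = b""


# 1. Stateless packet filter: each packet judged alone, on header fields only.
# Rule = (dst_ip, dst_port, action); first match wins, default deny.
PACKET_FILTER_RULES = [
    ("10.0.0.5", 80, "allow"),   # anyone may reach the web server
    ("10.0.0.5", 21, "deny"),    # nobody may reach FTP's well-known control port
]


def packet_filter(pkt: Packet) -> str:
    for dst, dport, action in PACKET_FILTER_RULES:
        if pkt.dst == dst and pkt.dport == dport:
            return action
    return "deny"


# 2. Stateful filter: remember permitted connections so that the replies,
# which come back to an ephemeral client port no static rule mentions,
# are allowed without opening those ports to everyone.
class StatefulFirewall:
    def __init__(self) -> None:
        self.conntrack = set()   # entries: (client, client_port, server, server_port)

    def inspect(self, pkt: Packet) -> str:
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.conntrack or reverse in self.conntrack:
            return "allow"                   # part of an established conversation
        if pkt.flags == "S" and packet_filter(pkt) == "allow":
            self.conntrack.add(forward)      # new connection the static rules permit
            return "allow"
        return "deny"


# 3. Application-layer check: does the data on port 80 actually look like HTTP?
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def looks_like_http(payload: bytes) -> bool:
    request_line = payload.split(b"\r\n", 1)[0]
    return request_line.startswith(HTTP_METHODS) and b" HTTP/1." in request_line


class AppLayerFirewall(StatefulFirewall):
    def inspect(self, pkt: Packet) -> str:
        verdict = super().inspect(pkt)
        if (verdict == "allow" and pkt.dport == 80 and pkt.payload
                and not looks_like_http(pkt.payload)):
            # Header says "web traffic"; payload says otherwise (e.g. SSH tunnelled over 80).
            self.conntrack.discard((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "deny"
        return verdict


def demo() -> dict:
    client, server = "203.0.113.7", "10.0.0.5"
    syn = Packet(client, server, 51234, 80, "S")
    synack = Packet(server, client, 80, 51234, "SA")
    http_req = Packet(client, server, 51234, 80, "A", b"GET / HTTP/1.1\r\nHost: www\r\n\r\n")
    ftp_syn = Packet(client, server, 51235, 21, "S")
    ssh_syn = Packet(client, server, 51236, 80, "S")
    ssh_banner = Packet(client, server, 51236, 80, "A", b"SSH-2.0-OpenSSH_8.9\r\n")

    results = {}
    # Stateless: fine for the first packet, but the reply matches no rule.
    results["stateless"] = [packet_filter(syn), packet_filter(ftp_syn), packet_filter(synack)]
    # Stateful: the reply is allowed because the connection is tracked,
    # but anything on an open port is accepted, HTTP or not.
    sf = StatefulFirewall()
    results["stateful"] = [sf.inspect(syn), sf.inspect(synack),
                           sf.inspect(ssh_syn), sf.inspect(ssh_banner)]
    # Application layer: the same SSH-over-80 connection is refused once the payload is seen.
    af = AppLayerFirewall()
    results["app_layer"] = [af.inspect(syn), af.inspect(synack), af.inspect(http_req),
                            af.inspect(ssh_syn), af.inspect(ssh_banner)]
    return results


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name:10s} {verdicts}")
```

Run it and the three verdict lists show the progression: the stateless filter denies the server's own reply because no rule mentions the client's ephemeral port, the stateful filter fixes that but happily passes an SSH banner on port 80, and only the application-layer check refuses the connection once the payload contradicts the port.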

How is a next generation firewall different?

A next generation firewall seeks to improve network security by inspecting more layers of the OSI model and looking at the contents of the data packets in order to make filtering decisions.

In essence, a next generation firewall consolidates various established security mechanisms into a single device, with the aim of making security easier to manage and so more effective.

Gartner defines a Next Generation Firewall as a:

“deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”

Since ‘next generation firewall’ is more of a marketing moniker than a technical standard, different vendors include different services and facilities in their devices.  However, you are likely to see many of the following included:

  • TLS/SSL decryption, so that encrypted traffic can be inspected for malware and data exfiltration (for outbound traffic this means your endpoints must trust the firewall’s inspection certificate)
  • Web content filtering
  • Monitoring or blocking the use of cloud file-sharing platforms and redirecting users to approved solutions
  • Intrusion detection and intrusion prevention (IDS/IPS)
  • Malware scanning and detection

Perhaps the most interesting feature of the next-gen firewall is its use of external intelligence to dynamically and continuously update its rules.  (This is the ‘intelligence from outside the firewall’ Gartner refers to in their definition.)  In this scenario the firewall receives ongoing updates from its vendor containing IP addresses and domain names observed in use by malware or other attacks.  Because the vendor is receiving constant updates and observing malware behaviour from customers around the globe, they are in a position to identify trends, pinpoint the command and control servers used by malware, and push rules that automatically block access to them from your network.  So even if malware does make it into your network, it may find itself unable to ‘phone home’ for instructions – at least where its command and control infrastructure is already known to the vendor.
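The mechanism is simple to state but has a few details a practitioner will want right: the feed must be authenticated (otherwise it is a control channel into the firewall), stale or replayed updates must be ignored, indicators must be matched against both DNS lookups and outbound connections, and retired indicators must stop blocking. The following is an added example written for this article, not code from the article or from any vendor’s product: a toy egress filter that accepts a versioned, HMAC-authenticated indicator feed and re-evaluates destinations as the feed changes. The feed format, the shared key, the indicators and the destinations are all constructed assumptions; real products fetch vendor-signed feeds over TLS, but the checks shown are the same in kind.

```python
"""Added example, not code from the original article or from any vendor's
product. A toy model of 'intelligence from outside the firewall': an externally
supplied indicator feed is authenticated, versioned and merged into the egress
policy, and destinations are re-evaluated as the feed changes. The feed format,
shared key, indicators and destinations are all constructed for illustration."""
import hashlib
import hmac
import ipaddress
import json

# Assumption: the vendor and the firewall share a key out of band and the feed
# is authenticated with HMAC-SHA256. Without authentication an attacker who can
# tamper with the feed could unblock their C2 or block legitimate destinations.
FEED_KEY = b"constructed-shared-secret"

# Constructed feed, version 1.
FEED_V1 = {"version": 1, "indicators": [
    {"type": "ipv4", "value": "198.51.100.23", "reason": "C2 server"},
    {"type": "cidr", "value": "203.0.113.0/24", "reason": "bulletproof hosting"},
    {"type": "domain", "value": "update-check.example", "reason": "malware download"},
]}
# Version 2: a newly observed C2 domain is added and the CIDR block is retired.
FEED_V2 = {"version": 2, "indicators": [
    {"type": "ipv4", "value": "198.51.100.23", "reason": "C2 server"},
    {"type": "domain", "value": "update-check.example", "reason": "malware download"},
    {"type": "domain", "value": "cdn.beacon-host.example", "reason": "C2 beacon"},
]}


def sign_feed(body: dict, key: bytes = FEED_KEY) -> str:
    """What the vendor side does: serialise and authenticate the feed."""
    raw = json.dumps(body, sort_keys=True)
    mac = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": raw, "mac": mac})


class EgressFilter:
    """Egress policy whose blocklist is replaced by each accepted feed update."""

    def __init__(self) -> None:
        self.version = 0
        self.bad_ips, self.bad_nets, self.bad_domains = set(), [], set()

    def load_feed(self, signed: str) -> str:
        env = json.loads(signed)
        expected = hmac.new(FEED_KEY, env["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, env["mac"]):
            return "rejected: bad signature"
        feed = json.loads(env["body"])
        if feed["version"] <= self.version:
            return "rejected: stale"          # replayed or out-of-order update
        ips, nets, domains = set(), [], set()
        for ind in feed["indicators"]:
            if ind["type"] == "ipv4":
                ips.add(ipaddress.ip_address(ind["value"]))
            elif ind["type"] == "cidr":
                nets.append(ipaddress.ip_network(ind["value"]))
            elif ind["type"] == "domain":
                domains.add(ind["value"].lower().rstrip("."))
        # Swap in the whole parsed set at once so a half-parsed feed is never live.
        self.bad_ips, self.bad_nets, self.bad_domains = ips, nets, domains
        self.version = feed["version"]
        return "applied"

    def check_dns(self, qname: str) -> str:
        labels = qname.lower().rstrip(".").split(".")
        # A listed domain also blocks every subdomain beneath it.
        hit = any(".".join(labels[i:]) in self.bad_domains for i in range(len(labels)))
        return "block" if hit else "allow"

    def check_connect(self, dst_ip: str) -> str:
        addr = ipaddress.ip_address(dst_ip)
        hit = addr in self.bad_ips or any(addr in net for net in self.bad_nets)
        return "block" if hit else "allow"


def demo() -> dict:
    fw, r = EgressFilter(), {}
    r["load_v1"] = fw.load_feed(sign_feed(FEED_V1))
    r["c2_ip"] = fw.check_connect("198.51.100.23")              # known C2: blocked
    r["cidr_v1"] = fw.check_connect("203.0.113.9")              # inside listed block
    r["beacon_v1"] = fw.check_dns("a.cdn.beacon-host.example")  # not yet known: allowed
    r["replay"] = fw.load_feed(sign_feed(FEED_V1))              # same version again
    r["forged"] = fw.load_feed(sign_feed(FEED_V2, key=b"attacker-key"))
    r["load_v2"] = fw.load_feed(sign_feed(FEED_V2))
    r["beacon_v2"] = fw.check_dns("a.cdn.beacon-host.example")  # now blocked
    r["cidr_v2"] = fw.check_connect("203.0.113.9")              # indicator retired
    r["normal"] = fw.check_dns("www.example.com")
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:10s} {v}")
```

The sequence in `demo` is the point of the passage: the beacon domain is allowed until the vendor has observed it, blocked as soon as version 2 is applied, and a forged or replayed update never changes the live policy. Blocking the domain and its subdomains at DNS as well as the IP at connection time matters because malware commonly rotates IP addresses behind a stable domain.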

Defence in depth is still important

While the idea of a Next Generation Firewall may sound attractive to overworked, budget-constrained security managers looking for more value from their security spending, a note of caution is in order.  The appeal of the Next Generation Firewall – integrated management, simplicity of configuration, more levels of protection – is also potentially its Achilles heel.  Defence in depth is still important: we need more than one layer of security in order to protect our networks, and the ‘one device to rule them all’ approach of the next generation firewall could dilute the security depth of your network.  All software contains bugs and vulnerabilities, and if you only have one device for the attackers to defeat then you may not be as well defended as you had hoped.

The answer may be to adopt vendor diversity – network edge firewalls from one vendor and internal core firewalls from another, for example. Then a deficiency or defect in one is unlikely to be shared by the other, so an attacker who gets past the first layer still has a different product to defeat at the second.

The speed with which vulnerabilities are discovered and then start to be exploited is increasing and will only keep on increasing. This means security managers will have to respond ever more quickly to security threats, and the ‘intelligence from outside the firewall’ is going to become even more important to the security of every network.