In the beginning our original Firewalls were pretty simple things: they controlled ingress and egress for our networks and combined basic stateful inspection with simple NAT translations. This brought some issues to a network admin, but these rarely extended past the need to allow active FTP.
With the advent of increasing bandwidth came the site-to-site VPN. Suddenly our Firewalls were VPN terminating devices and application inspection was starting to become more commonplace, but they were still fairly simple devices. Anything other than static routing was actively discouraged, and the role of the Firewall was still clearly defined at the network perimeter.
We then started to see Firewalls deployed in front of server farms to segregate users from servers, ensuring that users did not have unlimited access to whatever they wanted to reach, and the idea of using Firewalls for segmentation became a reality.
What followed soon after was the idea of Unified Threat Management. Suddenly our Firewalls were capable of performing standard Firewall functions as well as scanning traffic flows for viruses, malware and spam, and using Layer 4 applications in the rule set. In reality, the hardware didn’t have the capability to provide all these functions at once, and throughput on these devices became intolerably low once the features were enabled.
At this point many vendors went back to the drawing board and redesigned the Firewall. The “Next Generation Firewall” was born, utilising separate and specific chipsets within a single hardware chassis to allow us to use all of these features at once without degrading performance or introducing bottlenecks to the network. With this came true Layer 4 inspection: no longer was a Layer 4 protocol identified solely by a port number, but by a combination of port numbers and the actual protocol requests within the traffic flow. By classifying defined processes and destinations we became able to allow or deny specific components of any web application.
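To make the port-versus-payload distinction concrete, here is an added example (not code from the original post) that classifies a flow both ways and flags the mismatch a port-only rule would miss. The signatures, port table and sample flows are constructed and simplified for illustration.

```python
# Added example: port-only vs payload-aware application identification.
# Signatures are deliberately simplified; a real engine inspects far more.
from dataclasses import dataclass

# What a port-only rule would call the flow (constructed table).
PORT_APPS = {22: "ssh", 80: "http", 443: "tls", 3389: "rdp"}

# Leading bytes of a client's first request (constructed, simplified signatures).
PAYLOAD_SIGNATURES = (
    ("ssh", lambda p: p.startswith(b"SSH-")),
    ("http", lambda p: any(p.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT "))),
    # TLS record type 0x16 (handshake), major version 0x03, handshake type 0x01 (ClientHello)
    ("tls", lambda p: len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01),
    # RDP rides on a TPKT header: version 0x03, reserved 0x00
    ("rdp", lambda p: len(p) >= 4 and p[0] == 0x03 and p[1] == 0x00),
)

@dataclass
class Verdict:
    port_app: str      # identification based on destination port alone
    payload_app: str   # identification based on what the bytes actually say
    mismatch: bool     # payload identified an app that differs from the port's

def classify(dst_port: int, payload: bytes) -> Verdict:
    """Identify the application by port and by payload, and note disagreement."""
    port_app = PORT_APPS.get(dst_port, "unknown")
    payload_app = "unknown"
    for name, matches in PAYLOAD_SIGNATURES:
        if matches(payload):
            payload_app = name
            break
    mismatch = payload_app != "unknown" and payload_app != port_app
    return Verdict(port_app, payload_app, mismatch)

def decide(dst_port: int, payload: bytes, allowed_apps: set) -> str:
    """Next-generation style rule: allow only if the payload's app is permitted."""
    return "allow" if classify(dst_port, payload).payload_app in allowed_apps else "deny"

if __name__ == "__main__":
    # Constructed sample flows: one honest HTTP request, one SSH session hiding on 443.
    for port, data in [(80, b"GET / HTTP/1.1\r\nHost: example.test\r\n"),
                       (443, b"SSH-2.0-OpenSSH_9.0\r\n")]:
        v = classify(port, data)
        print(f"port {port}: port says {v.port_app}, payload says {v.payload_app}, "
              f"mismatch={v.mismatch}, verdict={decide(port, data, {'http', 'tls'})}")
```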
We now have such a huge degree of control over each and every traffic flow within our networks that many don’t know where to begin when creating a rule set, and now we have the added complexity of virtual systems, so we can deploy many Firewalls on a single hardware chassis. Micro-segmentation has become common, with Layer 2 Firewalls deployed between subnets to monitor and provide inline IPS at multiple locations throughout the network.
These new Firewalls also link into many cloud services, allowing them to query databases for a traffic flow and, if it is recognised as rogue, apply a rule to all of our Firewalls immediately to stop the threats in their tracks. This means we have Firewalls that are dynamically configured, can learn without input from us and have almost limitless deployment options.
This leads us to ask, where does the Firewall go next?
We face immediate challenges with the advent and adoption of IPv6: huge blocks of publicly routable addresses will soon be applied to our internal networks, the safety of RFC 1918 addresses hiding behind NAT is suddenly removed, and the configurations on our Firewalls could be negated. As applications continue to evolve and we become more application centric in our usage, attack vectors become ever more advanced and continue to evolve as fast as we can find and stop them.
Our users are becoming more “tech savvy” and all of our old warnings are being disregarded. Attackers realise that users have multiple devices, and all of these devices are connected to our networks, giving attackers multiple entry points and free rein to choose the one with the weakest defences.
Does the Firewall of the future become even more of a transparent device, migrating towards the processor of every machine on the network to provide personal protection, controlled by an all-seeing eye? Or do we continue to place multiple listening devices within our networks that report back to the Firewalls controlling ingress and egress, allowing them to make decisions?
Whatever happens, the benefits of IPv6 will continue to drive its adoption, our demand for applications will continue to drive their development, and attackers will continue to try to avoid detection while maximising their revenue.
At AVR we have an agnostic approach to all of our products, so whether you’re looking to update, replace or enhance your Firewall estate, we can talk you through the pros and cons in your environment. Even if you just want to talk through your current provision for peace of mind, feel free to get in touch with us.
Blog post written by Techie Andy James