The Evolution of Firewalls: Past, Present & Future - InformationWeek


1/27/2015
01:30 PM
Liviu Arsene

The Evolution of Firewalls: Past, Present & Future

How firewall technology has evolved to keep pace with ever-changing security needs.

Firewalls date way back to the early days of the Internet, when the World Wide Web was known as the Advanced Research Projects Agency Network (ARPANET). Just like the Internet, firewalls have constantly evolved. They have transformed into something much more than just packet-filtering mechanisms or application gateways.

It is hard to envision a world without firewalls. First developed as a method for allowing or restricting outside access to particular network resources, firewalls are currently capable of enforcing network security policies, logging Internet activity, and securing an organization’s exposure to outside threats.

Past and Present

The first generation of firewalls was used in the early 1990s, and it involved a set of simple rules that controlled outside access to internal company resources. Engineers from Digital Equipment Corp. defined a firewall as a packet-filtering system that silently discarded (or dropped) network data packets by analyzing the information in the actual packets. This was accomplished by looking at the destination address, its protocol, and the port number used.

While effective at the time, these firewalls evolved. The next generation, known as “stateful” filters, proved to be an important leap forward. These firewalls were able to retain data packets until enough information was available to make a judgment about their state. Developed during 1989 and 1990, these new circuit-level gateways added a “connection state” rule that made filtering easier, since they could determine if a packet was part of a new or existing connection. However, this exposed them to denial-of-service attacks, because the firewall could easily become overwhelmed by fake connection packets filling its connection-state memory.
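As an added illustration (not code from the article or any product), the model below combines the first-generation rule check on destination address, protocol and port with a connection-state table, and bounds that table so a burst of never-completed connections cannot evict an established flow. The rule set, timeouts, addresses and the `StatefulFilter` and `simulate_flood` names are assumptions made for the example.

```python
ALLOW = {("10.0.0.5", "tcp", 443)}        # constructed rules: dst addr, protocol, dst port
HALF_OPEN_TTL, ESTABLISHED_TTL = 5, 300   # seconds; assumed values

class StatefulFilter:
    def __init__(self, max_entries):
        self.max_entries = max_entries
        self.table = {}                   # 5-tuple -> [state, last_seen], insertion order

    def _make_room(self, now):
        for key, (state, seen) in list(self.table.items()):   # expire idle entries
            ttl = ESTABLISHED_TTL if state == "ESTABLISHED" else HALF_OPEN_TTL
            if now - seen > ttl:
                del self.table[key]
        if len(self.table) < self.max_entries:
            return True
        # Table full: evict the oldest half-open entry, never an established flow.
        for key, (state, _) in self.table.items():
            if state == "HALF_OPEN":
                del self.table[key]
                return True
        return False

    def handle(self, pkt, now):
        """pkt = (src, sport, dst, dport, proto, flags) -> 'ACCEPT' or 'DROP'."""
        *key, flags = pkt
        key = tuple(key)
        entry = self.table.get(key)
        if entry:                          # packet belongs to a tracked connection
            if flags == "ACK":
                entry[0] = "ESTABLISHED"   # simplified: real trackers follow the TCP state machine
            entry[1] = now
            return "ACCEPT"
        # New connection: first-generation rule check, then allocate state.
        if flags != "SYN" or (key[2], key[4], key[3]) not in ALLOW:
            return "DROP"
        if not self._make_room(now):
            return "DROP"
        self.table[key] = ["HALF_OPEN", now]
        return "ACCEPT"

def simulate_flood(max_entries=100, syns=1000):
    fw = StatefulFilter(max_entries)
    legit = ("198.51.100.7", 40000, "10.0.0.5", 443, "tcp")
    fw.handle(legit + ("SYN",), now=0)
    fw.handle(legit + ("ACK",), now=0)     # handshake completes -> ESTABLISHED
    for i in range(syns):                  # constructed burst of never-completed SYNs
        fw.handle(("203.0.113.9", 1024 + i, "10.0.0.5", 443, "tcp", "SYN"), now=1)
    return len(fw.table), fw.handle(legit + ("ACK",), now=2)
```

Without the size bound and the shorter half-open timeout, the table would grow by one entry per fake connection packet, which is the memory exhaustion the paragraph describes.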

To overcome this, an application firewall known as Firewall Toolkit (FWTK) was introduced in June 1994 by Marcus Ranum, Wei Xu, and Peter Churchyard. This third generation of firewalls could identify whether a communication protocol was being abused or whether traffic was attempting to bypass the firewall on an allowed port. This application-layer filtering allowed the firewall to “perceive” how the File Transfer Protocol (FTP) or the Hypertext Transfer Protocol (HTTP) works and adapt on the fly to the ways applications made use of these protocols.

Today, what we call next-generation firewalls rely on the same application-layer analysis, but with more focus on deep-packet introspection. To this end, next-generation firewalls can be used to implement features such as intrusion detection and prevention, user identity integration, and Web application firewalls. The addition of Virtual Private Network services in firewalls is also a widespread practice by companies, since this allows off-site employees to access company resources when communicating over insecure network connections such as public Wi-Fi.

What Firewalls Can and Can’t Do

Firewalls are great for supporting strong user authentication, enforcing network security policies, and logging internetwork activity. Companies use firewalls as part of their network-perimeter defense to make security decisions efficiently and protect every host on the private network from outside attacks. To this end, the company firewall becomes the only zone of risk from Internet attacks, while hosts in the internetwork are kept safe.

Firewalls cannot, however, offer protection for hosts within the network that connect to the Internet without going through the company firewall. Using an Internet connection that does not rely on the company’s infrastructure exposes the host/user to any type of attack. Firewalls also offer poor protection against unknown attacks or threats such as malware or Trojans, but can successfully complement antivirus solutions by dynamically setting new rules based on observed malware behavior.

The Future of Firewalls

Although firewalls can be deployed as both software and hardware appliances, from a system administrator’s point of view they have to be able to perform real-time network traffic introspection without affecting throughput. A large set of rules that constantly filters data packets ultimately impacts network performance and causes bottlenecks.

The future firewall needs to discern between legitimate and illegitimate traffic automatically to identify and plug never-before-seen threats on the fly. Anti-malware scanning capabilities are not beyond today’s firewall capabilities, but the current network performance impact needs to be addressed.

Multipurpose firewalls capable of performing more than just intrusion detection will slowly begin to integrate other threat-prevention technologies. Based on the current adoption of high-speed Internet, one thing is certain: Whether they’re hardware or software, potent firewalls need to be able to filter traffic throughput of at least 10 GB per second in the next couple of years.

Firewalls will continue to evolve, and it’s clear that their range of capabilities and functionalities will expand as well.

Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and ...

Comments
LauraB116, User Rank: Apprentice
8/26/2015 | 6:52:59 AM
firewalls
It would be very helpful if you cited your research. In the beginning of the article it states that we've had firewalls for as long as we had the internet (1960's), but I haven't found anything to back up that claim, and you don't mention what they were exactly. Then you said that first generation firewalls were developed in the early 1990's, but what type of firewall do you mean? Access Control Lists or Proxy firewalls?
Joe Stanganelli, User Rank: Author
1/27/2015 | 2:55:47 PM
Pro tempore
Indeed, wasn't this what the recent Palo Alto-Juniper patent squabble was about? As I recall, it involved the difference between technology that didn't let suspect traffic through at all versus technology that let suspect traffic through on a pro tempore basis and then let it through or nixed it subsequently.