The Evolution of Firewalls: Past, Present & Future - InformationWeek


Partner Perspectives
01:30 PM
Liviu Arsene

The Evolution of Firewalls: Past, Present & Future

How firewall technology has evolved to keep pace with ever-changing security needs.

Firewalls date way back to the early days of the Internet, when the World Wide Web was known as the Advanced Research Projects Agency Network (ARPANET). Just like the Internet, firewalls have constantly evolved. They have transformed into something much more than just packet-filtering mechanisms or application gateways.

It is hard to envision a world without firewalls. First developed as a method for allowing or restricting outside access to particular network resources, firewalls are currently capable of enforcing network security policies, logging Internet activity, and securing an organization’s exposure to outside threats.

Past and Present

The first generation of firewalls was used in the early 1990s, and it involved a set of simple rules that controlled outside access to internal company resources. Engineers from Digital Equipment Corp. defined a firewall as a packet-filtering system that silently discarded (or dropped) network data packets by analyzing the information in the actual packets. This was accomplished by looking at the destination address, its protocol, and the port number used.

While effective at the time, these firewalls evolved. The next generation, known as “stateful” filters, proved to be an important leap forward. These firewalls were able to retain data packets until enough information was available to make a judgment about their state. Developed during 1989 and 1990, these new circuit-level gateways added a “connection state” rule that made filtering easier, since they could determine if a packet was part of a new or existing connection. However, this exposed the firewall to Denial of Service attacks, because it could easily become overwhelmed by fake connection packets that filled its connection-state memory.
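The difference between the two generations, and the connection-state exhaustion described above, can be shown in a short simulation. This is an added example, not code from the article or from any firewall product; the rule set, addresses (documentation ranges), table size and timeout are constructed assumptions.

```python
# Constructed rule set: (destination address, protocol, destination port) allowed inbound.
ALLOW = {("192.0.2.10", "tcp", 80), ("192.0.2.10", "tcp", 443)}

def stateless_allow(pkt):
    """First-generation check: destination address, protocol and port only."""
    return (pkt["dst"], pkt["proto"], pkt["dport"]) in ALLOW

class StatefulFilter:
    """Second-generation check with a bounded connection-state table."""
    def __init__(self, max_entries, half_open_timeout=None):
        self.max_entries = max_entries
        self.half_open_timeout = half_open_timeout  # None = half-open entries never expire
        self.table = {}  # (src, sport, dst, dport) -> [state, time first seen]

    def _expire(self, now):
        if self.half_open_timeout is None:
            return
        for key, (state, seen) in list(self.table.items()):
            if state == "SYN_SEEN" and now - seen > self.half_open_timeout:
                del self.table[key]  # reclaim state held by connections that never completed

    def handle(self, pkt, now):
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key in self.table:                      # packet belongs to an existing connection
            if pkt["flags"] == "ACK":
                self.table[key][0] = "ESTABLISHED"
            return "accept"
        if pkt["flags"] != "SYN" or not stateless_allow(pkt):
            return "drop"                          # not a permitted new connection
        self._expire(now)
        if len(self.table) >= self.max_entries:
            return "drop-table-full"               # connection-state memory exhausted
        self.table[key] = ["SYN_SEEN", now]
        return "accept"

def simulate(fw, flood=1000):
    """Constructed traffic: `flood` SYNs that never complete, then one real client."""
    for i in range(flood):
        fw.handle({"src": f"198.51.100.{i % 250}", "sport": 1024 + i, "dst": "192.0.2.10",
                   "dport": 80, "proto": "tcp", "flags": "SYN"}, now=i * 0.01)
    client = {"src": "203.0.113.7", "sport": 40000, "dst": "192.0.2.10",
              "dport": 80, "proto": "tcp", "flags": "SYN"}
    return fw.handle(client, now=flood * 0.01 + 5)
```

With a 256-entry table and no expiry, the legitimate client is refused because half-open entries occupy every slot; with a three-second half-open timeout the same client is accepted.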

To overcome this, an application firewall known as Firewall Toolkit (FWTK) was introduced in June 1994 by Marcus Ranum, Wei Xu, and Peter Churchyard. This third generation of firewalls could identify whether a communication protocol was being abused or whether traffic was attempting to bypass the firewall on an allowed port. This application-layer filtering allowed the firewall to “perceive” how File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP) works and adapt on the fly to the ways applications made use of these protocols.

Today, what we call next-generation firewalls rely on the same application-layer analysis, but with more focus on deep-packet introspection. To this end, next-generation firewalls can be used to implement features such as intrusion detection and prevention, user identity integration, and Web application firewalls. The addition of Virtual Private Network services in firewalls is also a widespread practice by companies, since this allows off-site employees to access company resources when communicating over insecure network connections such as public Wi-Fi.

What Firewalls Can and Can’t Do

Firewalls are great for supporting strong user authentication, enforcing network security policies, and logging internetwork activity. Companies use firewalls as part of their network-perimeter defense to make security decisions efficiently and protect every host on the private network from outside attacks. To this end, the company firewall becomes the only zone of risk from Internet attacks, while hosts in the internetwork are kept safe.

Firewalls cannot, however, offer protection for hosts within the network that connect to the Internet without going through the company firewall. Using an Internet connection that does not rely on the company’s infrastructure exposes the host/user to any type of attack. Firewalls also offer poor protection against unknown attacks or threats such as malware or Trojans, but can successfully complement antivirus solutions by dynamically setting new rules based on observed malware behavior.

The Future of Firewalls

Although firewalls can be deployed as both software and hardware appliances, from a system administrator’s point of view they have to be able to perform real-time network traffic introspection without affecting throughput. A large set of rules that constantly filters data packets ultimately impacts network performance and causes bottlenecks.

The future firewall needs to discern between legitimate and illegitimate traffic automatically to identify and plug never-before-seen threats on the fly. Anti-malware scanning capabilities are not beyond today’s firewall capabilities, but the current network performance impact needs to be addressed.

Multipurpose firewalls capable of performing more than just intrusion detection will slowly begin to integrate other threat-prevention technologies. Based on the current adoption of high-speed Internet, one thing is certain: Whether they’re hardware or software, potent firewalls need to be able to filter traffic throughput of at least 10 GB per second in the next couple of years.

Firewalls will continue to evolve, and it’s clear that their range of capabilities and functionalities will expand as well.

Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact ...
Joe Stanganelli,
User Rank: Author
1/27/2015 | 2:55:47 PM
Pro tempore
Indeed, wasn't this what the recent Palo Alto-Juniper patent squabble was about? As I recall, it involved the difference between technology that didn't let suspect traffic through at all versus technology that let suspect traffic through on a pro tempore basis and then let it through or nixed it subsequently.