Firewalls date back to the early days of the Internet, when its precursor was the Advanced Research Projects Agency Network (ARPANET), well before the World Wide Web existed. Just like the Internet, firewalls have constantly evolved. They have transformed into something much more than simple packet-filtering mechanisms or application gateways.
It is hard to envision a world without firewalls. First developed as a way to allow or restrict outside access to particular network resources, firewalls are now capable of enforcing network security policies, logging Internet activity, and limiting an organization’s exposure to outside threats.
Past and Present
The first generation of firewalls appeared in the late 1980s and consisted of a set of simple rules that controlled outside access to internal company resources. Engineers from Digital Equipment Corp. described a firewall as a packet-filtering system that silently discarded (dropped) network packets based solely on the information in each packet’s headers: the source and destination addresses, the protocol, and the port numbers in use. Each packet was judged on its own, with no memory of the packets that had come before it.
While effective at the time, these filters could not tell a reply to a conversation the inside had started from an unsolicited packet that merely used an allowed port. The next generation, known as “stateful” filters, proved to be an important leap forward. These firewalls retained packets until enough information was available to make a judgment about the state of the connection they belonged to. Developed during 1989 and 1990, these circuit-level gateways added a “connection state” rule that made filtering more precise: by recording which connections were already open, the firewall could decide whether a packet was part of a new or an existing connection and reject a stray packet even when its port was otherwise permitted. However, the state table itself became a target for Denial of Service attacks: an attacker could flood the firewall with forged connection requests that are never completed, filling its connection-state memory until it had no room to track legitimate connections.
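To make the difference between the first two generations concrete, here is an added example (not code from the original article or from any vendor it mentions) that models a stateless packet filter beside a stateful one with a deliberately small connection table. The addresses 10.0.0.5 (the protected web server), 198.51.100.7 (a legitimate client) and 203.0.113.x (spoofed attacker sources) are assumed for illustration, and the traffic is constructed inline. The stateful filter correctly rejects a stray ACK the stateless one would let through, but a flood of half-open connection requests fills its table and locks out the legitimate client, which is the weakness described above.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal view of the header fields a packet filter looks at."""
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    syn: bool = False   # TCP SYN flag: asks to open a connection
    ack: bool = False   # TCP ACK flag: set on every packet after the first


# First generation: rules match on destination address, protocol and port only.
# 10.0.0.5 is a hypothetical protected web server.
STATELESS_RULES = [
    ("10.0.0.5", "tcp", 80, "accept"),
    ("10.0.0.5", "tcp", 22, "drop"),
]


def stateless_filter(pkt: Packet) -> str:
    """Return the first matching rule's action; default deny."""
    for dst, proto, port, action in STATELESS_RULES:
        if pkt.dst == dst and pkt.proto == proto and pkt.dport == port:
            return action
    return "drop"


class StatefulFilter:
    """Second generation: remembers the connections it has seen.

    The table is deliberately bounded so the demo can show how half-open
    connections exhaust it (the SYN-flood weakness described in the text).
    """

    def __init__(self, max_entries: int):
        self.max_entries = max_entries
        self.table: dict = {}   # (src, dst, dport) -> "syn_seen" | "established"

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst, pkt.dport)
        if key in self.table:
            if pkt.ack:
                self.table[key] = "established"
            return "accept"
        # Only a bare SYN may open a new entry, and only if the static policy
        # allows the destination. A stray ACK with no state is dropped here,
        # which the stateless filter above cannot do.
        if pkt.syn and not pkt.ack and stateless_filter(pkt) == "accept":
            if len(self.table) >= self.max_entries:
                return "drop:table_full"
            self.table[key] = "syn_seen"
            return "accept"
        return "drop"


def handshake_demo() -> str:
    """A legitimate client: SYN, then ACK, leaves an established entry."""
    fw = StatefulFilter(max_entries=4)
    client = dict(src="198.51.100.7", dst="10.0.0.5", proto="tcp", dport=80)
    fw.filter(Packet(**client, syn=True))
    fw.filter(Packet(**client, ack=True))
    return fw.table[("198.51.100.7", "10.0.0.5", 80)]


def syn_flood_demo(table_size: int = 4, attacker_packets: int = 10) -> str:
    """Constructed attack traffic: spoofed sources send SYNs that are never
    completed, so every entry stays half-open and the table fills up."""
    fw = StatefulFilter(max_entries=table_size)
    for i in range(attacker_packets):
        fw.filter(Packet(src=f"203.0.113.{i}", dst="10.0.0.5",
                         proto="tcp", dport=80, syn=True))
    # A real client arriving after the flood is refused: the policy allows
    # port 80, but there is no room left to track the connection.
    legit = Packet(src="198.51.100.7", dst="10.0.0.5",
                   proto="tcp", dport=80, syn=True)
    return fw.filter(legit)


if __name__ == "__main__":
    print("handshake:", handshake_demo())
    print("after SYN flood:", syn_flood_demo())
```

Real stateful firewalls mitigate the flood with ageing timers on half-open entries, per-source limits and SYN cookies; the toy table above has none of those, which is exactly why it fails the way the 1990 designs did.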
The third generation addressed a different blind spot. An application firewall known as the Firewall Toolkit (FWTK) was introduced in June 1994 by Marcus Ranum, Wei Xu, and Peter Churchyard. It could identify whether a communication protocol was being abused, or whether an unrelated protocol was being tunneled through an allowed port to bypass the firewall. This application-layer filtering allowed the firewall to understand how the File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP) is supposed to work and to adapt on the fly to the ways applications actually used those protocols.
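The following is an added example, not part of the original article and not FWTK code, of the kind of check an application-layer proxy makes before relaying a stream that arrived on port 80. It inspects only the opening bytes: a TLS record header or an SSH banner means something other than plaintext HTTP is being pushed through the web port, and a CONNECT request, the classic way of tunneling arbitrary TCP through a web proxy, is refused along with any other method outside a fixed allow-list. The sample streams are constructed inline; the hostnames in them are illustrative.

```python
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}


def classify_port80_stream(data: bytes) -> str:
    """Decide whether the opening bytes of a stream on port 80 are HTTP/1.x.

    Returns "allow" for a well-formed request line, otherwise "deny:<reason>"
    naming what the proxy saw instead. Only the first line is examined; a
    real proxy keeps validating headers and body as they arrive.
    """
    # Fingerprints of other protocols commonly pushed through port 80.
    if data.startswith(b"\x16\x03"):          # TLS record header (ClientHello)
        return "deny:tls_on_plaintext_port"
    if data.startswith(b"SSH-"):              # SSH version banner
        return "deny:ssh_on_http_port"
    line, sep, _rest = data.partition(b"\r\n")
    if not sep:
        return "deny:no_request_line"
    parts = line.split(b" ")
    if len(parts) != 3:
        return "deny:malformed_request_line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        # CONNECT lands here: it would turn the proxy into a generic TCP relay.
        return "deny:method_not_allowed"
    if not (target.startswith(b"/") or target.startswith(b"http://")):
        return "deny:bad_request_target"
    if not version.startswith(b"HTTP/1."):
        return "deny:bad_version"
    return "allow"


# Constructed samples of what might arrive on port 80.
SAMPLES = {
    "web": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "tls": b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03",
    "tunnel": b"CONNECT mail.example.com:25 HTTP/1.1\r\nHost: mail.example.com:25\r\n\r\n",
    "junk": b"\x00\x01\x02binary blob without a request line",
}


def classify_samples() -> dict:
    """Run every constructed sample through the classifier."""
    return {name: classify_port80_stream(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:7s} -> {verdict}")
```

A first-generation filter sees all five samples as identical "tcp to port 80" packets and passes them all; the proxy passes only the one that speaks HTTP.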
Today, what we call next-generation firewalls rely on the same application-layer analysis, with more emphasis on deep packet inspection. On that basis, next-generation firewalls can implement features such as intrusion detection and prevention, user identity integration, and Web application firewalls. Bundling Virtual Private Network services into the firewall is also widespread, since it lets off-site employees reach company resources over untrusted networks such as public Wi-Fi.
What Firewalls Can and Can’t Do
Firewalls are well suited to supporting strong user authentication, enforcing network security policies, and logging internetwork activity. Companies use firewalls as part of their network-perimeter defense to make security decisions efficiently at a single choke point and to protect every host on the private network from outside attacks. The company firewall thus becomes the main zone of risk for Internet attacks, while the hosts behind it are shielded from direct exposure.
Firewalls cannot, however, protect hosts within the network that reach the Internet without going through the company firewall. A host that uses an Internet connection outside the company’s infrastructure is exposed to any attack the firewall never sees. Firewalls also offer poor protection against unknown threats such as new malware or Trojans, but they can usefully complement antivirus solutions by adding new rules based on observed malware behavior.
The Future of Firewalls
Firewalls can be deployed as either software or hardware appliances, but from a system administrator’s point of view either form has to perform real-time network traffic inspection without hurting throughput. A large rule set that is evaluated against every packet ultimately degrades network performance and creates bottlenecks.
The future firewall needs to discern between legitimate and illegitimate traffic automatically to identify and plug never-before-seen threats on the fly. Anti-malware scanning capabilities are not beyond today’s firewall capabilities, but the current network performance impact needs to be addressed.
Multipurpose firewalls that already do more than intrusion detection will gradually integrate other threat-prevention technologies. Given the current adoption of high-speed Internet, one thing is certain: whether they are hardware or software, capable firewalls will need to filter traffic at 10 gigabits per second or more within the next couple of years.
Firewalls will continue to evolve, and it’s clear that their range of capabilities and functionalities will expand as well.

Liviu Arsene is a senior e-threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and ...