A Next Generation Firewall or NGFW is an integrated network platform that combines a traditional firewall with other security system functionalities like an application firewall, Intrusion Prevention System or IPS, SSL/SSH interception, QoS/bandwidth management, malware inspection etc. An NGFW includes the typical functionalities of a traditional firewall, yet it is much more powerful than a traditional firewall in detecting and preventing attacks and enforcing security.
Traditional Firewall and how it works
A traditional firewall monitors incoming and outgoing network packets of a system and prevents unauthorized access depending on some pre-configured rules.
A traditional firewall filters traffic mainly on the following parameters:
Source IP address and destination IP address of the network packets.
Source port and destination port of the inbound and outbound traffic.
Current state of the connection.
Filtering rules applied on a per-process basis.
So, though a traditional firewall is good at ensuring security, it is not sufficient on its own. One has to rely on other security solutions like an IPS, anti-malware products, content filtering packages etc. to ensure proper security.
The disadvantage of using different network security technologies separately is that it increases administrative cost and degrades network performance. An NGFW combines multiple network security technologies to provide a better security mechanism while taking care of most of the disadvantages of running separate security solutions at the same time.
Next Generation Firewalls
An NGFW typically includes:
Intrusion Prevention System
Filtering traffic on a per-application basis.
QoS or Quality of Service to guarantee network throughput
An NGFW uses Deep Packet Inspection or DPI, with which it can examine the data part of network packets and search for protocol non-compliance, viruses, spam, intrusions and other statistical information, in order to filter the traffic and enforce security in a better way.
An NGFW can monitor and filter traffic on a per-application basis instead of per port, which enables it to troubleshoot network problems in a better way. It can also associate network traffic with a specific user or group of users, which helps in enforcing better acceptable-use policies.
An NGFW can intercept encrypted SSL and SSH traffic to look for any malicious traffic concealed inside it. This enables it to detect advanced threats and attacks.
And, as NGFW integrates multiple security technologies in an efficient manner, it improves network performance over using different security technologies separately.
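The DPI idea described above, as an added example that is not part of the original article: a minimal classifier that identifies the application protocol from the leading bytes of a TCP payload and flags protocol non-compliance, i.e. a payload that does not match what the destination port suggests. The port table, banners and sample flows are constructed for the example.

```python
# Added example (not from the original article): a minimal deep packet
# inspection (DPI) classifier. It identifies the application protocol from the
# first bytes of a TCP payload and reports "protocol non-compliance" when the
# identified protocol is not the one normally expected on the destination port.
# All ports, banners and sample flows below are constructed for the example.

# Well-known ports and the protocol an inspector expects to see on them.
EXPECTED_BY_PORT = {22: "ssh", 80: "http", 443: "tls"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def identify_protocol(payload: bytes) -> str:
    """Classify a payload by its leading bytes rather than by port number."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:256]:
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"


def inspect(port: int, payload: bytes) -> dict:
    """DPI verdict for one flow: identified app and whether it matches the port."""
    app = identify_protocol(payload)
    expected = EXPECTED_BY_PORT.get(port)
    compliant = expected is None or app == expected
    return {"port": port, "app": app, "expected": expected, "compliant": compliant}


# Constructed sample flows for the example (port, first payload bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (22, b"SSH-2.0-ExampleServer\r\n"),
    (443, bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x03])),
    # SSH carried on the HTTPS port: the port says TLS, the payload says SSH.
    (443, b"SSH-2.0-ExampleServer\r\n"),
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        print(inspect(port, payload))
```

Only the last sample flow is reported as non-compliant; a port-only firewall would have allowed it as ordinary HTTPS.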
Advantages of Next Generation Firewalls
An NGFW has a number of advantages over traditional firewalls. Some of the most important ones are listed below:
Lower Administrative Cost
In an NGFW, all the above mentioned security technologies are installed and configured as a unit. As a result, it reduces administrative cost significantly.
Easier to identify threats
An NGFW monitors the network traffic and reports all the events through a single reporting system, which is much more convenient than using different security technologies separately.
Inspection of SSL/SSH traffic
Malware can be concealed in an encrypted SSL/SSH communication. For example, botnets and Advanced Persistent Threats often create SSL tunnels and communicate with the attackers through them. But traditional firewalls cannot decrypt SSL/SSH traffic, and attackers take advantage of that to carry out attacks.
An NGFW can decrypt and inspect SSL/SSH traffic using Deep Packet Inspection and filter network traffic based on what it finds.
Filtering based on application
Traditional firewalls can filter traffic based on port, but since many different applications share the same ports, that often proves too coarse.
An NGFW can identify traffic by application, which enables it to block or monitor network traffic per application and troubleshoot problems on that basis.
Identifying network traffic by users
Traditional firewalls cannot associate network traffic with users easily. One has to laboriously look through the log files for that purpose.
But, as an NGFW can easily associate network traffic with specific users, it helps in enforcing better acceptable-use policies.
For example, in a company the marketing and Human Resources groups may need to access some social networking sites, but others need not. Using an NGFW one can easily set a proper acceptable-use policy for that purpose.
Similarly, a company may allow its employees to access some social networking sites to make posts or comments, but may not allow them to play games. Using an NGFW the company can set the required policies easily.
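The two acceptable-use policies above, as an added example that is not part of the original article: a small rule evaluator that matches flows on the user group and the application identified by DPI, next to a port-only rule base that can only allow or block port 443 as a whole. Group names, application names and flows are constructed for the example.

```python
# Added example (not from the original article): an application- and
# identity-aware policy evaluator of the kind the article attributes to an
# NGFW, contrasted with a port-only rule base. Group and application names
# are constructed for the example.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    user_group: str  # identity the firewall has mapped the traffic to
    dst_port: int
    app: str         # application identified by DPI, e.g. "social-post"


# Port-only rule base: (action, port); None means any port. First match wins.
# It can only say "443 allowed" or "443 blocked"; it cannot tell posting on a
# social network apart from playing a game on the same site.
PORT_RULES = [("allow", 443), ("allow", 80), ("deny", None)]


def port_policy(flow: Flow) -> str:
    for action, port in PORT_RULES:
        if port is None or port == flow.dst_port:
            return action
    return "deny"


# NGFW-style rule base: (groups, apps, action); "*" matches anything.
# Marketing and HR may browse social sites; everyone may post or comment;
# nobody may play games; other groups may not browse. First match wins.
APP_RULES = [
    ({"marketing", "hr"}, {"social-browse", "social-post"}, "allow"),
    ({"*"}, {"social-post"}, "allow"),
    ({"*"}, {"social-game"}, "deny"),
    ({"*"}, {"social-browse"}, "deny"),
    ({"*"}, {"*"}, "allow"),
]


def app_policy(flow: Flow) -> str:
    for groups, apps, action in APP_RULES:
        group_ok = "*" in groups or flow.user_group in groups
        app_ok = "*" in apps or flow.app in apps
        if group_ok and app_ok:
            return action
    return "deny"


if __name__ == "__main__":
    for f in (Flow("engineering", 443, "social-game"),
              Flow("engineering", 443, "social-post"),
              Flow("marketing", 443, "social-browse")):
        print(f, "port-only:", port_policy(f), "ngfw:", app_policy(f))
```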
Improved Network Performance
Using different network security technologies separately often causes degradation of network performance. Administrators often respond to that by disabling monitoring of certain ports, disabling some firewall rules or limiting Deep Packet Inspection, which compromises network security.
But, as an NGFW integrates multiple network technologies together efficiently, it improves network throughput without having to trade off security for performance.
So, be informed about various security technologies so that you can protect your systems in a better way. And, stay safe, stay protected.