Network security started out as a collection of simple components that performed basic functions. Security architects had to design networks carefully, since security devices could introduce a single point of failure and act as bandwidth bottlenecks.
Today, network security still consists of multiple components, but it is a far more sophisticated and comprehensive solution. Multiple products from the same or different vendors solve different problems but act together as a security mesh, both at the edge and within the enterprise network.
This white paper looks at the evolution of network security and how the basics have changed.
Firewalls were the first, and are perhaps still the most widely deployed, network security product. They are typically installed at the network edge, acting as the boundary between a trusted and an untrusted zone.
Firewalls were implemented using a set of rules, typically referred to as Access Lists, which defined what type of traffic was and was not permitted to cross the boundary. They had no knowledge of network flows and were referred to as Stateless Firewalls.
Because a stateless firewall cannot tell whether an inbound packet belongs to a connection that an inside host actually opened, the next generation of firewalls gained the ability to monitor and track flows, ensuring that packets were exchanged only between the entities that initiated the connection. These firewalls, called Stateful Firewalls, inspect Layer 3 and Layer 4 headers and use that information to reject spoofed traffic.
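The difference between the two designs is easiest to see in code. The example below is an added illustration, not Benison's code or any vendor's product: a stateless access list that has to open inbound packets with source port 80/443 so that web replies can return, beside a stateful firewall that records outbound flows and admits only their return traffic. The addresses, ports and the trusted prefix 10.0.0.0/24 are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal L3/L4 view of a packet, which is all these firewalls see."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False  # TCP SYN without ACK: a new connection attempt


TRUSTED_PREFIX = "10.0.0."  # constructed: the trusted zone is 10.0.0.0/24


def is_inside(ip: str) -> bool:
    return ip.startswith(TRUSTED_PREFIX)


# Stateless access list: (direction, proto, src_port, dst_port, action).
# None is a wildcard and the first match wins. To let replies to outbound
# web requests back in, the ACL must permit every inbound packet whose
# *source* port is 80 or 443; it has no way to know a connection exists.
STATELESS_ACL = [
    ("out", "tcp", None, None, "permit"),   # inside hosts may open anything
    ("in",  "tcp", 80,   None, "permit"),   # "replies" from web servers
    ("in",  "tcp", 443,  None, "permit"),
    ("in",  "any", None, None, "deny"),
]


def _rule_matches(rule, pkt: Packet, direction: str) -> bool:
    rule_dir, proto, sport, dport, _ = rule
    return (rule_dir == direction
            and proto in ("any", pkt.proto)
            and sport in (None, pkt.src_port)
            and dport in (None, pkt.dst_port))


def stateless_decide(pkt: Packet) -> str:
    direction = "out" if is_inside(pkt.src_ip) else "in"
    for rule in STATELESS_ACL:
        if _rule_matches(rule, pkt, direction):
            return rule[-1]
    return "deny"  # implicit deny at the end of every access list


class StatefulFirewall:
    """Tracks flows opened from inside and admits only their return traffic."""

    def __init__(self):
        self.flows = set()  # 5-tuples of connections initiated from inside

    def decide(self, pkt: Packet) -> str:
        if is_inside(pkt.src_ip):
            # Outbound: record the flow so that its replies are recognised.
            self.flows.add((pkt.proto, pkt.src_ip, pkt.src_port,
                            pkt.dst_ip, pkt.dst_port))
            return "permit"
        # Inbound: permit only packets of a flow we initiated, and never a
        # SYN, which would be a brand-new connection from outside.
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.flows and not pkt.syn:
            return "permit"
        return "deny"


def compare() -> dict:
    """Run the same three constructed packets through both designs."""
    fw = StatefulFirewall()
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)
    # Inbound SYN to port 22 carrying source port 443, which a stateless
    # ACL mistakes for a web reply; no inside host ever opened this flow.
    forged = Packet("198.51.100.7", 443, "10.0.0.5", 22, syn=True)
    results = {}
    for name, pkt in (("outbound", outbound), ("reply", reply), ("forged", forged)):
        results[name] = (stateless_decide(pkt), fw.decide(pkt))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:9s} stateless={stateless:7s} stateful={stateful}")
```

Both designs pass the legitimate request and its reply; only the stateful firewall rejects the forged packet, because it checks membership in a tracked flow rather than a source-port value anyone can set.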
Secure Web gateways
As internet usage exploded, there was a need to ensure that the websites being accessed were not malicious or inappropriate. Hackers could use web traffic to infect enterprise networks, which led to the development of web gateways.
The most basic function of Web Gateways was URL Filtering: a mechanism to block websites on a pre-defined blacklist. Vendors maintained lists of known offenders, and administrators chose which blacklist categories (porn, gambling, malware infectors, etc.) to block.
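A category-based URL filter of this kind, written as an added example (not the white paper's or any vendor's code): a constructed stand-in for the vendor's category feed, the administrator's set of blocked categories, and a lookup that normalises the hostname and walks up parent domains so that subdomains inherit their parent's category. The domains and categories are invented for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a vendor category feed: domain -> category.
# A real feed has millions of entries and is updated continuously.
VENDOR_CATEGORIES = {
    "casino.example": "gambling",
    "downloads.badactor.example": "malware",
    "adult.example": "porn",
    "news.example": "news",
}

# The administrator's policy: which vendor categories to block.
BLOCKED_CATEGORIES = {"gambling", "malware", "porn"}


def hostname_of(url: str) -> str:
    """Extract a normalised hostname; tolerate URLs typed without a scheme."""
    if "://" not in url:
        url = "http://" + url
    # urlsplit().hostname strips userinfo, port and brackets, so a URL such
    # as http://news.example@casino.example/ resolves to casino.example.
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def categorize(url: str) -> str:
    """Look the host up in the feed, walking up to parent domains so that
    shop.casino.example inherits the category of casino.example."""
    labels = hostname_of(url).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in VENDOR_CATEGORIES:
            return VENDOR_CATEGORIES[candidate]
    return "uncategorized"


def url_filter(url: str) -> tuple:
    """Return (action, category) for a requested URL."""
    category = categorize(url)
    action = "block" if category in BLOCKED_CATEGORIES else "allow"
    return action, category


if __name__ == "__main__":
    for u in ("http://www.casino.example/play",
              "https://news.example/?ref=casino.example",
              "http://news.example@casino.example/",
              "DOWNLOADS.BADACTOR.EXAMPLE/setup.exe",
              "https://unknown.example/"):
        print(url_filter(u), u)
```

The filter matches on the parsed host, not on substrings of the URL, so a query string mentioning a blocked domain does not trigger a block, while userinfo placed before the real host does not hide it. Whether "uncategorized" should be allowed or blocked is a policy choice; the example allows it.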
IDS and IPS
The next step in the evolution of firewalls was the active detection and prevention of intrusions. Intrusion Detection Systems (IDS) work by analyzing traffic with techniques such as signature detection, traffic-pattern anomaly detection and stateful protocol analysis. On detecting a potential intrusion, the incident is logged and an alarm is generated for the administrator to investigate.
Intrusion Prevention Systems (IPS) go a step further and take active steps to stop the attack while it is taking place.
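To show the IDS and IPS distinction concretely, here is an added example (not code from the white paper or from any product) of a small sensor that combines two of the techniques named above, signature matching on payloads and a traffic-pattern anomaly rule for port scans, run over a constructed stream of connection events. In "ids" mode it only records alerts; in "ips" mode it also drops the offending event and all later traffic from that source. Signatures, thresholds and addresses are invented for the demonstration.

```python
import re
from collections import defaultdict

# Signature detection: known-bad byte patterns in request payloads.
SIGNATURES = [
    ("directory-traversal", re.compile(rb"\.\./\.\./")),
    ("sqli-tautology", re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE)),
]

# Anomaly detection: one source touching many distinct ports on one host
# inside a short window is a port scan, whatever the payloads contain.
SCAN_PORT_THRESHOLD = 8
SCAN_WINDOW_SECONDS = 5.0


class Sensor:
    """Inspects events in order. Mode 'ids' only alerts; mode 'ips' also
    drops the offending event and everything after it from that source."""

    def __init__(self, mode: str = "ids"):
        self.mode = mode
        self.alerts = []
        self.blocked = set()
        self.forwarded = 0
        self.dropped = 0
        self._ports_seen = defaultdict(list)   # (src, dst) -> [(ts, port)]
        self._scan_reported = set()

    def _inspect(self, ts, src, dst, port, payload) -> list:
        found = [name for name, pattern in SIGNATURES if pattern.search(payload)]
        history = self._ports_seen[(src, dst)]
        history.append((ts, port))
        recent = {p for t, p in history if ts - t <= SCAN_WINDOW_SECONDS}
        if len(recent) >= SCAN_PORT_THRESHOLD and (src, dst) not in self._scan_reported:
            self._scan_reported.add((src, dst))
            found.append("port-scan")
        return found

    def process(self, event) -> None:
        ts, src, dst, port, payload = event
        if self.mode == "ips" and src in self.blocked:
            self.dropped += 1          # prevention: source already blocked
            return
        for name in self._inspect(ts, src, dst, port, payload):
            self.alerts.append({"ts": ts, "name": name, "src": src, "dst": dst})
            if self.mode == "ips":
                self.blocked.add(src)
        if self.mode == "ips" and src in self.blocked:
            self.dropped += 1          # the event that triggered the alert
        else:
            self.forwarded += 1        # IDS logs and lets traffic through


# Constructed sample: (timestamp, src_ip, dst_ip, dst_port, payload).
SAMPLE_EVENTS = [
    (1.0, "10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    (1.5, "198.51.100.7", "10.0.0.8", 80, b"GET /../../../../etc/passwd HTTP/1.1\r\n"),
    (1.6, "198.51.100.7", "10.0.0.8", 80, b"GET /login HTTP/1.1\r\n"),
]
# Ten distinct ports from one source within a second: the anomaly rule fires
# on the eighth port, with no signature involved.
SAMPLE_EVENTS += [(2.0 + i / 10, "198.51.100.9", "10.0.0.8", p, b"")
                  for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 143, 443, 3389))]
SAMPLE_EVENTS.append((3.0, "198.51.100.9", "10.0.0.8", 8080, b"GET / HTTP/1.1\r\n"))


def run(mode: str) -> dict:
    sensor = Sensor(mode)
    for event in SAMPLE_EVENTS:
        sensor.process(event)
    return {"alerts": [a["name"] for a in sensor.alerts],
            "forwarded": sensor.forwarded, "dropped": sensor.dropped}


if __name__ == "__main__":
    print("ids:", run("ids"))
    print("ips:", run("ips"))
```

Both modes raise the same two alerts on the same 14 events; the IDS forwards all 14 for the administrator to investigate, while the IPS forwards 8 and drops 6, which is the "active step" the text refers to. Inline prevention is only as good as its false-positive rate, so thresholds like the scan window are tuned per network.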
Next Gen Firewalls (NGFW)
Next Gen Firewalls (NGFWs) integrate key capabilities, combining multiple levels of protection within a single system:
- Enterprise Firewall Capabilities
- IDS and IPS
- Application Control
They include features such as:
- Basic Packet Filtering, NAT, URL Filtering, VPNs
- SSL, SSH Inspection
- Malware Detection
- L3-L7 Packet and Flow Awareness
- Application Aware Filtering
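The feature that most separates an NGFW from the firewalls described earlier is the last one, application-aware filtering: the policy is written in terms of the application carried by a flow, identified from its first payload bytes, rather than the destination port alone. The following is an added example (not Benison's code or any NGFW's engine) that classifies a flow's first client bytes as SSH, TLS or HTTP using the well-known protocol prefixes, and contrasts a port-only policy with an application-tied one. The payloads and the policy are constructed for the demonstration.

```python
import re

HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def identify_app(payload: bytes) -> str:
    """Classify a flow from its first client bytes, independent of the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS: record type 0x16 (handshake), version 0x03xx, handshake type 0x01 (ClientHello)
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if HTTP_REQUEST.match(payload):
        return "http"
    return "unknown"


# Port-only policy of a traditional firewall: the destination port is all it sees.
ALLOWED_PORTS = {22, 80, 443}


def port_only_decide(dst_port: int) -> str:
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


# Application-aware policy: (application, dst_port, action), first match wins,
# "*" is a wildcard. Each open port is tied to the application expected on it.
APP_POLICY = [
    ("http", 80, "allow"),
    ("tls", 443, "allow"),
    ("ssh", 22, "allow"),
    ("*", "*", "deny"),
]


def ngfw_decide(payload: bytes, dst_port: int) -> str:
    app = identify_app(payload)
    for rule_app, rule_port, action in APP_POLICY:
        if rule_app in ("*", app) and rule_port in ("*", dst_port):
            return action
    return "deny"


# Constructed first-packet payloads for the comparison.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.0\r\n"
TLS_CLIENT_HELLO = bytes.fromhex("160301005a010000560303") + b"\x00" * 86
HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"


def compare() -> dict:
    """(port-only decision, application-aware decision) for each case."""
    cases = {
        "tls on 443": (TLS_CLIENT_HELLO, 443),
        "http on 80": (HTTP_GET, 80),
        "ssh on 443": (SSH_BANNER, 443),   # SSH tunnelled over the HTTPS port
        "http on 443": (HTTP_GET, 443),    # plaintext HTTP where TLS is expected
        "http on 8080": (HTTP_GET, 8080),
    }
    return {name: (port_only_decide(port), ngfw_decide(payload, port))
            for name, (payload, port) in cases.items()}


if __name__ == "__main__":
    for name, decisions in compare().items():
        print(f"{name:13s} port-only={decisions[0]:6s} app-aware={decisions[1]}")
```

The port-only policy allows anything on 443, so SSH or plaintext HTTP riding on the HTTPS port passes; the application-aware policy rejects both because the identified application does not match the one expected on that port. Identifying applications this way requires reading payload on every flow at line rate, which is the deep packet inspection workload discussed in the next section.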
As firewall and security demands grow along with the massive amount of traffic that needs to be inspected, security products have to handle millions of packets per second.
Deep Packet Inspection and Application Awareness mean that dedicated network processors have to be used to handle the large volume of traffic in real time. Benison works with, and has developed software for, some of the best-known firewall products in the world. Benison has worked with Tier 1 firewall vendors as well as startups.
We have a specialized team for network processor development, with a deep understanding of the challenges faced in DPI.
Contact us to see how Benison can help you in the development and maintenance of firewall products.