Forum latest

Firewalls Ready for Evolutionary Shift
General
Written by Daniel   
Thursday, 29 November 2007 11:14
Next-generation firewalls will come with true IPS integration and app-awareness, but experts say ability to distinguish data is key

NOVEMBER 28, 2007 | 5:45 PM
By Kelly Jackson Higgins
Senior Editor, Dark Reading

First it was ports, then protocols, and now, applications: A new generation of firewalls is slowly emerging with more sophisticated inspection and blocking features at higher speeds. These new devices will not only do intrusion prevention, but also filter by application type.

The protocol inspection method used by traditional firewalls is no longer enough, as more and more applications use Port 80, or HTTP.

"It's increasingly clear that 10 years from now, virtually everything will run on port 80, alongside Web browsers, which means that 90 percent of the rules in today's firewalls will be irrelevant," says Thomas Ptacek, principal with Matasano Security.

Palo Alto Networks says its so-called App-ID technology in its PA-4000 firewall addresses the Port 80 problem by using signatures and other known characteristics of specific applications to identify them on the network. "We classify the traffic, then you can secure it with antivirus, anti-spyware," etc., says Nir Zuk, founder and CTO of Palo Alto Networks. "First we decrypt SSL traffic and figure out what it [the application] is" using the App-ID technology and its repository of application characteristics, he says. (See Startup Puts New Spin on Firewalls and Palo Alto Networks Unveils its Next-Gen Firewall).

Most major firewall vendors are planning an "all-ports/all-protocols" approach similar to Palo Alto Networks' for their products, Matasano's Ptacek says. But merely adding application protocol awareness is not the solution to the Port 80 problem, he contends: "The Port 80 problem is that both PeopleSoft and Digg use the same protocol, HTTP," for instance, he says. "How do you differentiate?"

Firewalls must go deeper than this approach -- there are just too many apps to account for, he says. "When both Digg and PeopleSoft use the same protocol, it's clearly not enough to know what the protocol is," he says. "The problem is that there are thousands and thousands of applications."... More   Comment in the Forum
 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either