
NGFW (Next-generation Firewalls)


JSR:

NGFW protection generally looks at payloads, i.e., inspection of packets, not just signatures.
There are characteristics that a firewall would have to count as NGFW, which you can see below in Jana's notes.

(Also, do refer to former links to see info about actual anomaly-based detection and whitelisting techniques.)

 

Advantages of NGFW: More efficient, even though delving deeper

Disadvantages of NGFW: Do take a lot more system resources, and are naturally slower than they would be otherwise.


Jana:

Why must contents of packages be inspected, as opposed to just filtering the kinds and origins of network traffic?
Data packet inspection “examines the data part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions, or defined criteria to decide whether the packet may pass or if it needs to be routed to a different destination, or, for the purpose of collecting statistical information.”
http://en.wikipedia.org/wiki/Deep_packet_inspection
Using a packet analyzer (a computer program or computer hardware), the data stream flow is stopped at networks, where packets can be decoded into raw data to show the values of various fields of the packets, and their content is analyzed according to the appropriate RFC (Request for Comments) or other specifications.

http://en.wikipedia.org/wiki/Packet_analyzer
http://en.wikipedia.org/wiki/Request_for_Comments


What are the characteristics of Next Generation Firewalls (NGFW)?
Traditional Firewalls: cannot look at the payload of data of network packets and do not distinguish between different Web traffic forms and therefore cannot apply correct business policies.
UTMs (Unified Threat Management) have many security functions on one platform and are used to prevent intrusion or inspect packets more carefully.

Next Generation Firewalls address the traffic inspection and application awareness drawbacks of stateful inspection firewalls.
Next Generation Firewalls distinguish between different applications (including Web applications, e.g. Hulu vs. Salesforce.com) and assign different policies depending on the application.
NGFWs have the ability to deeply inspect packets in traffic to find anomalies or malware. However, unlike the previous firewalls and UTMs, they only do this once instead of through multiple processes.
NGFWs are “a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks.” - Gartner

A list of things the NGFW should have (copied from the link below. Most of the things are so technical that there is no point in trying to paraphrase them):

http://www.networkcomputing.com/security/next-generation-firewalls-101/240149730

Basically: safer, more inspection, less processing
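
Added example (not part of the notes or the linked articles): a small Python sketch contrasting a port-only filter with payload inspection that checks protocol compliance, looks for a signature and applies a per-application policy in a single pass. The packets, the host-to-application map, the policy verdicts, the default verdict and the signature marker are all constructed assumptions.

```python
import re

# Hypothetical policy tables (assumptions, not taken from any product).
APP_BY_HOST = {"salesforce.com": "salesforce", "hulu.com": "hulu"}
APP_POLICY = {"salesforce": "allow", "hulu": "block"}
DEFAULT_VERDICT = "block"  # assumed default for unidentified applications
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]$")
SIGNATURES = [b"X-CONSTRUCTED-MALWARE-MARKER"]  # constructed stand-in signature

# Constructed sample packets: all four arrive on the same destination port.
SAMPLES = {
    "salesforce": {"dst_port": 80, "payload": b"GET /login HTTP/1.1\r\nHost: www.salesforce.com\r\n\r\n"},
    "hulu": {"dst_port": 80, "payload": b"GET /watch HTTP/1.1\r\nHost: www.hulu.com:80\r\n\r\n"},
    "tunnel": {"dst_port": 80, "payload": b"\x00\x01binary-not-http"},
    "marked": {"dst_port": 80, "payload": b"POST /up HTTP/1.1\r\nHost: www.salesforce.com\r\n\r\n"
                                          b"X-CONSTRUCTED-MALWARE-MARKER"},
}


def port_filter(packet):
    """Traditional filter: decides on the destination port, never reads the payload."""
    return "allow" if packet["dst_port"] in (80, 443) else "block"


def ngfw_inspect(packet):
    """One pass over the payload: compliance check, signature check, app policy."""
    payload = packet["payload"]
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.match(lines[0]):
        return ("block", "protocol non-compliance")
    if any(sig in payload for sig in SIGNATURES):
        return ("block", "signature match")
    host = b""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().lower().split(b":")[0]  # drop an optional :port
    app = "unknown"
    for known_host, known_app in APP_BY_HOST.items():
        suffix = known_host.encode()
        if host == suffix or host.endswith(b"." + suffix):
            app = known_app
    return (APP_POLICY.get(app, DEFAULT_VERDICT), f"application={app}")


if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(label, port_filter(pkt), ngfw_inspect(pkt))
```

The port filter gives all four packets the same verdict, while the payload-aware check separates them by application, protocol compliance and content.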