What are they: Next-Generation Firewalls (NGFWs)
What are Next-Generation Firewalls and how do they differ from old-school firewalls? Are firewalls important? What role do they have in security?
What are Traditional Firewalls?
Traditional firewalls are network security devices that are designed to monitor and control incoming and outgoing network traffic based on predefined rules. These rules can be based on items such as IP addresses, port numbers and protocols.
To better grasp the concept of IP addresses, ports, and protocols, imagine a moving truck filled with boxes. The moving truck has a specific house that it’s going to (IP address). It has boxes inside that are labelled, with each label representing a different room in the house (different ports). Each of these labels, however, might be written in a different language (protocol) that needs to be handled by certain people who understand that language.
These firewalls can be hardware-based, software-based, or a combination of both, sitting between the outside world and your house - like a security guard, but for your network.
Without going into every feature a traditional firewall can provide, the primary one is packet filtering.
Packet filtering just means that it can allow or block network traffic (moving boxes) based on where it came from (source IP Address), what port number it’s using (which room it’s labelled for), and the protocol (which language the label is written in).
For example, a firewall could block all packets (boxes) sent from Joe’s house, who has an IP Address of 1.2.3.4, or it could block all boxes that are labelled to go into your office (port). More commonly you’ll find ports being blocked.
What are Next-Generation Firewalls (NGFWs)?
Next Generation Firewalls (NGFWs) are an advanced version of the traditional firewall with additional features such as intrusion prevention, application visibility and control, and advanced threat protection.
Unlike traditional firewalls that simply control access to network resources based on IP addresses and port numbers, NGFWs have the ability to identify and control applications, users, and content flowing through the network, providing a more granular level of security.
What are the components of an NGFW?
Below are SOME of the common components utilised in Next Generation Firewalls (NGFWs).
1. Application control
NGFWs can identify and control the applications being used on devices on your home network, including blocking access to them.
2. Intrusion prevention
NGFWs can detect (Intrusion Detection System - IDS) and prevent (Intrusion Prevention System - IPS) potentially malicious internet traffic (boxes) based on certain patterns or indicators.
3. Threat intelligence
Gathering threat feeds and information from other sources allows NGFWs to stay up-to-date on the latest attacks, patterns and indicators to ensure that networks stay safe from any new malicious traffic (boxes).
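To make the difference concrete, here is a small added example (not code from the original post) that models the packet filtering described above and then the three NGFW components just listed. It keeps the post's moving-truck cases, blocking everything from Joe's house at 1.2.3.4 and blocking the "office" port, and adds payload-based application identification, one intrusion-prevention signature, and a threat-intelligence feed. The class and function names (Packet, Rule, packet_filter, ngfw_inspect), the signature patterns, the feed contents and the sample packets are all constructed for illustration; the other addresses come from the RFC 5737 documentation ranges.

```python
"""Added example: toy firewall evaluator contrasting traditional packet
filtering (IP / port / protocol rules) with NGFW-style layers (application
control, intrusion prevention signatures, threat-intelligence feeds).
All rules, signatures, feed entries and packets are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress
import re


@dataclass
class Packet:
    src_ip: str            # where the "moving truck" came from (source IP address)
    dst_port: int          # which "room" the box is labelled for (port)
    protocol: str          # which "language" the label is written in ("tcp"/"udp")
    payload: bytes = b""   # what is actually inside the box


@dataclass
class Rule:
    action: str                      # "allow" or "block"
    src: str = "any"                 # CIDR such as "1.2.3.4/32", or "any"
    dst_port: Optional[int] = None   # None means "any port"
    protocol: Optional[str] = None   # None means "any protocol"

    def matches(self, pkt: Packet) -> bool:
        if self.src != "any":
            net = ipaddress.ip_network(self.src, strict=False)
            if ipaddress.ip_address(pkt.src_ip) not in net:
                return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        return True


def packet_filter(pkt: Packet, rules: List[Rule], default: str = "allow") -> Tuple[str, str]:
    """Traditional firewall: the first rule whose IP/port/protocol match wins."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, f"rule {i}"
    return default, "default policy"


# NGFW component 1: application control. The application is recognised from
# the payload, so a service running on an unexpected port is still identified.
APP_SIGNATURES = {
    "http": re.compile(rb"^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/1\.[01]\r\n"),
    "ssh": re.compile(rb"^SSH-2\.0-"),
}

# NGFW component 2: intrusion prevention. One constructed signature for a
# classic directory-traversal pattern inside a request path.
IPS_SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./"),
}

# NGFW component 3: threat intelligence. Constructed feed of known-bad networks.
THREAT_FEED = [ipaddress.ip_network("198.51.100.0/24")]


def identify_app(pkt: Packet) -> str:
    for name, pattern in APP_SIGNATURES.items():
        if pattern.match(pkt.payload):
            return name
    return "unknown"


def ngfw_inspect(pkt: Packet, rules: List[Rule], blocked_apps: set) -> Tuple[str, str]:
    """NGFW: traditional filtering first, then the deeper inspection layers."""
    action, reason = packet_filter(pkt, rules)
    if action == "block":
        return action, reason
    src = ipaddress.ip_address(pkt.src_ip)
    if any(src in net for net in THREAT_FEED):
        return "block", "threat-intel feed"
    app = identify_app(pkt)
    if app in blocked_apps:
        return "block", f"app-control: {app}"
    for name, sig in IPS_SIGNATURES.items():
        if sig.search(pkt.payload):
            return "block", f"ips: {name}"
    return "allow", f"app: {app}"


RULES = [
    Rule("block", src="1.2.3.4/32"),             # every box from Joe's house
    Rule("block", dst_port=22, protocol="tcp"),  # boxes labelled for the "office"
]

if __name__ == "__main__":
    samples = {
        "joe": Packet("1.2.3.4", 80, "tcp", b"GET / HTTP/1.1\r\n"),
        "ssh-on-443": Packet("203.0.113.7", 443, "tcp", b"SSH-2.0-OpenSSH_9.0\r\n"),
        "traversal": Packet("203.0.113.7", 80, "tcp", b"GET /files/../../secret.txt HTTP/1.1\r\n"),
        "feed-hit": Packet("198.51.100.9", 80, "tcp", b"GET / HTTP/1.1\r\n"),
        "normal": Packet("203.0.113.7", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    }
    for name, pkt in samples.items():
        print(f"{name:11} traditional={packet_filter(pkt, RULES)}  ngfw={ngfw_inspect(pkt, RULES, {'ssh'})}")
```

The "ssh-on-443" case is the one to look at: the traditional filter allows it because port 443 is open and the source is not on the block list, while the NGFW blocks it because the payload identifies the application as SSH regardless of the port it is riding on.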
TL;DR
Next Generation Firewalls (NGFWs) are advanced network security devices that are capable of conducting all traditional firewall tasks such as packet filtering, but also include features such as intrusion prevention, application visibility and control, and advanced threat protection (threat feeds, pattern and behaviour identification).
Overall, traditional firewalls are still an essential part of network security, but they have limitations in dealing with advanced threats and the growing complexity of network traffic. This has led to the development of Next Generation Firewalls (NGFWs), which offer more advanced capabilities and provide a higher level of protection against this next generation of threats.