Traditional firewall technologies -- such as packet filtering and stateful inspection -- are no longer adequate because they cannot distinguish between malicious and non-malicious requests and data. Also, the diversity and volume of traffic are making it more difficult to filter with pure "allow/block" rules. For example, a firewall may only allow HTTP traffic on port 80, but such a restriction still lets SQL injection attacks through as valid HTTP requests. Spyware, similarly, could still run a communication channel to an outside server listening on port 80.
Firewall vendors have responded to these threats by developing application-layer firewalls. Compared with traditional firewalls, application-layer filtering devices certainly provide better content-filtering capabilities. They have the ability to examine the payload of a packet and make decisions based on content, allowing them to permit or deny specific application requests or commands. The firewall's functions give administrators a far greater degree of granular control over network traffic. For example, admins can allow or deny a specific incoming telnet command from a particular user. Many application-layer firewalls now allow you to create filters to intercept, analyze or modify traffic specific to your network, making it easier to adapt the firewall to protect your particular assets.
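The contrast between a port-only rule and payload inspection, as an added example that is not part of the original article. The request lines are constructed, and the paths, parameter rules and function names are hypothetical; the application-layer rule uses a per-parameter allow-list, which is one way such a filter can be written.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allow-list for an assumed application: (path, parameter) -> permitted form.
PARAM_RULES = {
    ("/products", "id"): re.compile(r"[0-9]{1,10}"),
    ("/search", "q"): re.compile(r"[A-Za-z0-9 ]{1,64}"),
}

# Constructed sample traffic: (destination port, HTTP request line).
SAMPLES = [
    (80, "GET /products?id=42 HTTP/1.1"),
    (80, "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1"),
    (80, "GET /search?q=union+station+hotels HTTP/1.1"),
    (8080, "GET /products?id=42 HTTP/1.1"),
]

def packet_filter(dst_port):
    """Traditional rule: the decision rests on the destination port alone."""
    return dst_port == 80

def application_filter(dst_port, request_line):
    """Application-layer rule: parse the request and validate every parameter."""
    if not packet_filter(dst_port):
        return False
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] != "GET":
        return False
    url = urlsplit(parts[1])
    # parse_qsl percent-decodes values, so the rule sees what the application would see.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        rule = PARAM_RULES.get((url.path, name))
        if rule is None or not rule.fullmatch(value):
            return False  # unknown parameter or value outside the permitted form
    return True

def evaluate(samples):
    """Return (packet_filter decision, application_filter decision) per sample."""
    return [(packet_filter(p), application_filter(p, r)) for p, r in samples]

if __name__ == "__main__":
    for (port, line), (pkt, app) in zip(SAMPLES, evaluate(SAMPLES)):
        print(f"port={port:<5} packet={'allow' if pkt else 'block':<6}"
              f"app={'allow' if app else 'block':<6}{line}")
```

The search for "union station hotels" passes because the rule describes what the parameter may contain instead of matching on SQL keywords, so the ordinary word "union" does not trigger a block.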
A firewall should be able to "learn" what is and isn't normal traffic for a specific network and adapt its behavior accordingly. The real problem to be solved, though, is putting network traffic into context. Is a sudden flood of outbound email being caused by the weekly e-newsletter going out, or by a compromised machine sending out spam? Is a request to list all database tables a hacker fingerprinting a database, or an administrator performing necessary duties? To be able to handle such situations, firewalls will need to integrate ever more closely with authentication systems and other perimeter defenses to add context to the traffic being monitored.
Combating application-layer attacks will always require more than just a firewall, though, no matter how sophisticated firewalls become. Responsibility also lies with application development teams to ensure traffic that comes through the firewall is verified and cleansed before being passed on to application processes that it might try to subvert. Whatever firewall or perimeter defenses are in place, it is still necessary to assume all data originates from an untrusted source. Also remember that firewalls will never prevent phishing and social engineering attacks. This means that -- as is the case with all information security efforts -- the last line of defense is employee security awareness.