Finding a standard way to manage firewalls is something that is necessary, but it will take pressure from users to make it happen. Such was the message of a firewall expert and several users contacted by SearchSecurity.
A standard for managing firewalls will help coordinate "several devices and software packages being used to provide firewall, packet filtering, proxy services, and intrusion detection," said Perry Godwin, wide area network administrator at Dart Container in Mason, Michigan.
"The manufacturers will only develop a standard if there is pressure from their customers for one," Perry said. "And currently, I don't see any one vendor having a sufficient percentage of the market to be able to declare a de facto standard."
Currently, there are some common elements of philosophy underlying the management of different firewalls, said Brian Monkman, firewall program manager at ICSA Labs. "But I don't know of any firewall manufacturers that are working together on a single management point," he said.
Why aren't the firewall vendors developing something a lot of their customers would love? "It's a competitive environment. They don't want to give up anything," Monkman said.
Some users agree with firewall vendors' reticence to develop a common way for firewall management. "I cannot see where a central console for firewall management would benefit anyone since it's a single point of attack, and the different firewalls are generally used for different functions," said Thomas Seidner, manager of Advanced Technology Group WorldTravel BTI.
Firewall vendors offer different products because "one works better in one environment than another," Seidner said. Also, simultaneously installing different firewalls makes it more difficult for hackers to get through to your critical applications. "A standard, if not implemented correctly, could negatively impact a secure design," he said.
The reality is many companies are using firewalls (and other security devices) from multiple vendors, Monkman said. Some organizations even require for example the use of two different firewalls back-to-back. Such an approach protects the company against the possibility that a specific product or product family has a serious design flaw that could make it fail, Monkman said. This way also takes advantage of the different kinds of firewalls.
Technically, a single management point is possible. Yet many firewall vendors are concentrated on making their firewalls work well with their other networking products. "Their primary interest is all their own products work well together," Monkman said.