Firewalls are one of the most valued arrows in the information security quiver. They are so ubiquitous that sometimes...
people forget that firewalls are an ever-evolving technology.
More than 40% of respondents to a recent SearchSecurity.com survey said firewalls hold "great promise" for securing their organization's data, computers and Web sites. The only other technology or security strategy that was seen to have greater promise was disaster recovery.
Today, firewalls are asked to do everything from parsing XML to handling intrusion prevention. "Firewalls are rapidly evolving in their roles, and the boundary between firewalls and other infrastructure elements is becoming blurry," said Fred Cohen, an information security luminary and an analyst with the Burton Group. Cohen recently released a study called "The Evolving Role of Firewalls."
Back in the proverbial day, firewalls were pretty simple. Only a few rules were required to allow the "good guys" in and keep the "bad guys" out. Now, firewalls handle a host of other duties. For example, firewalls are being integrated with virtual private networks and with intrusion-detection systems. The reason for this push is that companies are sick of adding and managing more devices to their networks, Cohen said.
On the other hand, there are more specialized firewalls, which have limited functionality. For example, special firewalls are needed to screen XML transmissions, which can sail through most firewalls.
Beside becoming more integrated and specialized, firewalls are becoming more localized. They are used to block off departmental areas of the network and are enjoying a greater presence on PCs.
No one would argue that a modern company with a network doesn't need a firewall at the gateway, but there are some differences of opinion over whether personal firewalls are needed.
On one hand, they can protect against a worm that happens to slip into a company through Web-based personal e-mail. On the other hand, users are not very familiar with personal firewalls, and managing them could be an issue. "If your users don't know what is going on, then they are not such a great idea," Cohen said.
Cohen does recommend personal firewalls for users who access a network remotely with laptops. These users usually don't have the protection of a main firewall at the gateway.
The specialization of firewalls means there will be tradeoffs, Cohen said. There is the tension between the idea of a distributed approach and the idea of a centralized one. Is it worth the performance hit to have to decrypt encrypted data at the firewall in order to inspect it? Is performance more important than deep inspection?
"The lack of a clear picture [integrating] intrusion detection, special-purpose filtering devices and other services into infrastructure makes many enterprises hesitant to adopt integrated firewall solutions until the market clarifies," Cohen said.
FEEDBACK: Is your enterprise hesitant to use a specialized firewall?
Send your feedback to the SearchSecurity.com news team.