White Papers for Health Insurance Portability and Accountability Act (HIPAA)

Dude! You Say I Need an Application Layer Firewall?!

Secure Computing

Internet firewalls have been a popular tool for security practitioners since the early 1990’s. Today, they are considered a mandatory component of any industry or government network. Unfortunately, many consumers of these fundamental networking tools buy and rely on them without understanding that there can be dramatic differences between firewalls that are manufactured by competing security practitioners and their unique engineering teams. Firewall products that are brought to market based on significantly different technical design philosophies and different go-to-market strategies quite naturally introduce consumer trade-offs that should be weighed when making buying decisions. Certain firewall design trade-offs, for example, favor security over convenience, and certain firewall go-to-market strategies favor platform performance over security.
As a result of robust global market competition in the firewall space, and the growing demand for ever-improving perimeter security, software and appliance products sold as firewalls have evolved into a collection of products falling along a broad spectrum of features, benefits and, in some cases, pitfalls to take note of. From the author’s point of view, there is a clear and easily observable divide in firewall types available for purchase today when they are sorted into two simple categories based upon the manufacturer’s security design objectives. There are firewall product designs ranging from highly conservative and security-focused architectures, to designs that are highly appealing to the broad market because they offer good security “theater” in the look, feel, and marketing story but under the surface offer only simple security controls. Not all firewalls are created equal…on purpose.
In this paper, we will describe the evolution of firewalls from the standpoint of the controls that they apply on data, and we will explain why the currently accepted “state-of-the-art” firewall really represents a step backwards in most cases for securing perimeters. To many, this may seem contradictory. One only need consider the high growth rate of the installed-base of firewalls while simultaneously taking note of the dramatic increase in the number of networks being penetrated, to realize that something is going wrong in the world of perimeter security.

View the White Paper

Share or bookmarklet this web page at: