Ten things your next firewall must do
Business continuity is imperative in an increasingly competitive environment. Whilst there are growing threats from social media, increased targeted attacks and more information misuse, there is also a need to allow access to complex web based applications from any location at any time. This requirement for flexibility and ease of access has brought about new challenges to IT Administrators whose job is to ensure business security and continuity.
New firewall capabilities are needed to meet the requirements in today’s security environment- Owen Baldacchino
The firewall, a fundamental pillar in network security controls, can no longer be effective just by relying on traditional filtering for ports and IP addresses. New firewall capabilities are needed to meet the emerging requirements in today’s security environment in order to minimise downtime, maximise productivity and gain competitive advantage.
For this reason, businesses are increasingly looking at next-generation firewalls to secure their network and applications with a simplified approach and no performance degradation. The requirements vary from one organisation to another but there are 10 things your next firewall must do.
Identification and control of applications on any port: Traffic must be classified by application on every port, because application developers no longer adhere to standard port/protocol mappings. Instant messaging, VoIP and peer-to-peer file-sharing applications can run on non-standard ports, and users now know enough to change ports themselves to slip past port-based rules.
Identification and control of circumventors: Circumventors are proxies, illegitimate remote-access tools and non-VPN encrypted tunnelling applications used to bypass internet filtering controls such as firewalls, URL filtering, IPS and secure web gateways. Both public and private external proxies exist, over both HTTP and HTTPS. While remote-access applications like Microsoft RDP and GoToMyPC have legitimate uses, applications like Ultrasurf, Tor and Hamachi rarely have a business purpose. Your next firewall should also update itself, because such applications are revised regularly precisely to make them harder to detect and control.
Decryption of outbound SSL: A growing share of websites use HTTPS, including web traffic to financial services, payment systems and healthcare organisations. Such uses are legitimate, but unclassified websites, for example ones hosted in Eastern Europe, also use SSL, often on non-standard ports, to escape inspection. Your next firewall should recognise and decrypt SSL regardless of port and number of connections while maintaining steady network throughput. Inbound SSL traffic should also be inspectable, and SSH should be identified so that port forwarding can be controlled separately from native uses such as SCP, SFTP and shell access.
Identification and control of applications sharing the same connection: Your next firewall should allow policy-based controls on applications that share a session. One example is Gmail, inside which users can also use Google Talk; the latter is a different application and needs its own policy controls. The firewall should be able to keep decrypting the HTTPS that Google Talk uses by default while still letting the user switch between e-mail and chat within the same session.
Provision of application function control: Different functions within one application carry different risks for the user and the organisation, for example Sharepoint Admin versus Sharepoint Docs. Your next firewall should detect each function or feature and perform a policy check every time it is used, unlike conventional firewalls, which classify a session once and wave through everything that follows.
Systematically deal with unknown traffic by policy rather than allowing it through: First, your next firewall must attempt to classify all traffic, whether it is allowed or denied. For custom applications, an identifier should be developed so that their traffic is classified as known. Whatever remains unknown must be handled by explicit policy, not allowed by default. Port 53 is the classic case: DNS (known) uses it, but so do botnets (unknown) that tunnel command-and-control over it, and the firewall must tell the two apart instead of trusting the port.
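The two points above, identifying an application by its traffic rather than its port and refusing to let unknown traffic ride through on a known port, can be shown in a few lines. The following is an added example written for this page, not code from 6pm or from any firewall vendor; it uses constructed sample flows and a handful of hand-written protocol fingerprints (an RFC 1035 DNS header/question check, the SSH banner, HTTP request methods, the TLS ClientHello record header and the BitTorrent peer-wire handshake) in place of a real application signature database, and the allow-list in `policy_decision` is an assumed policy:

```python
"""Port-independent application identification with unknown-traffic policy.

Added example for this page (not 6pm's or any vendor's code). It classifies a
flow from its first payload bytes, compares that with the naive port-based
guess, and sends anything it cannot identify to an explicit policy decision
instead of letting it through because the port looks familiar.
"""
import struct

# What a port-only firewall would call each flow (the "traditional" answer).
PORT_MAP = {22: "ssh", 53: "dns", 80: "http", 443: "ssl"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def port_based_guess(port: int) -> str:
    return PORT_MAP.get(port, "unknown")


def looks_like_dns(payload: bytes) -> bool:
    """Check that the bytes parse as an RFC 1035 DNS message with one sane question.

    Botnet beacons on UDP/53 usually fail this: arbitrary bytes give an impossible
    opcode or question count, or a QNAME whose labels run off the end.
    """
    if len(payload) < 12:
        return False
    _tid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF          # 0 = QUERY, 1 = IQUERY, 2 = STATUS
    if opcode > 2 or not 1 <= qdcount <= 4:
        return False
    pos = 12                              # walk the first QNAME, label by label
    while True:
        if pos >= len(payload):
            return False
        length = payload[pos]
        if length == 0:                   # root label terminates the name
            pos += 1
            break
        if length > 63 or pos + 1 + length > len(payload):
            return False
        pos += 1 + length
    return pos + 4 <= len(payload)        # QTYPE and QCLASS must follow


def identify_app(proto: str, port: int, payload: bytes) -> str:
    """Classify by content; the port is deliberately not used for the answer."""
    if proto == "udp" and looks_like_dns(payload):
        return "dns"
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), major version 3, handshake type 0x01 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "ssl"
    if payload.startswith(b"\x13BitTorrent protocol"):   # peer-wire handshake
        return "bittorrent"
    return "unknown"


def policy_decision(proto: str, port: int, payload: bytes,
                    allowed=("dns", "http", "ssl", "ssh")) -> tuple:
    """Unknown traffic is a policy decision (deny under this assumed policy), never an implicit allow."""
    app = identify_app(proto, port, payload)
    return app, ("allow" if app in allowed else "deny")


def build_dns_query(name: str) -> bytes:
    """Constructed DNS A query used as sample input."""
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # RD set, 1 question
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


# Constructed sample flows: (proto, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("udp", 53, build_dns_query("example.com")),
    ("udp", 53, b"BEACON:" + bytes(20)),                     # non-DNS bytes on the DNS port
    ("tcp", 8080, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),  # HTTP off its usual port
    ("tcp", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),                # SSH hiding on the HTTPS port
    ("tcp", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03\x03"),  # start of a TLS ClientHello
    ("tcp", 443, b"\x13BitTorrent protocol" + bytes(8)),     # P2P on the HTTPS port
]


def classify_samples():
    """Return (port, port-based guess, content-based app, decision) per sample flow."""
    rows = []
    for proto, port, payload in SAMPLE_FLOWS:
        app, decision = policy_decision(proto, port, payload)
        rows.append((port, port_based_guess(port), app, decision))
    return rows


if __name__ == "__main__":
    print(f"{'port':>5}  {'port says':<10} {'content says':<12} decision")
    for port, guess, app, decision in classify_samples():
        print(f"{port:>5}  {guess:<10} {app:<12} {decision}")
```

Running it prints one row per flow: the port-only column calls the beacon "dns" and the SSH and BitTorrent flows "ssl", while the content column separates them and the beacon ends up denied as unknown rather than allowed because it happens to use port 53. A real next-generation firewall does the same job with thousands of signatures, heuristics and decrypted SSL, but the principle is exactly this: classify first, then apply policy to what was classified, and never let "unknown" mean "allowed".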
Scan for threats in permitted collaboration applications: Collaboration tools such as Sharepoint and Google Docs let people in physically separate locations share and communicate efficiently. They use a combination of ports and protocols, for example CIFS and HTTPS in the case of Sharepoint. Your next firewall must therefore identify the application and scan its content, not merely allow its ports, to protect the corporate network from threats carried inside it.
Enable the same application visibility and control for remote users: Teleworking and remote usage are on the increase, and with them a new wave of security threats and administrative hassles has emerged. Your next firewall should apply the same granular, application-level policies to remote users as to those on site, with as little latency as possible and without adding cost and hassle for the organisation.
Simplify network security: Firewall policy management should be as simple as possible, especially in large organisations employing thousands of workers and hundreds of applications. Your next firewall should let you write policy in terms of users and applications rather than ports and IP addresses.
Deliver smooth throughput and performance while application control is fully activated: Your next firewall should safely enable applications without sacrificing performance or security. That means not stacking several redundant security layers on top of one another, which in practice calls for dedicated hardware with separate processing for networking, security and content scanning.
www.6pmplc.com
Mr Baldacchino is a technical consultant at 6pm.