The firewall has turned 25 years old this year. In commemoration, McAfee created a timeline of the events that shaped the development of the device most of us rely on the protect ourselves from each other. The infographic shows how the firewall’s evolution coincided with high-profile security events:
1995: WM/Concept first virus to spread through Microsoft (MSFT) Word- 2000: First denial-of-service attack discovered
- 2008: Conficker infects 9-15 million Microsoft systems.
These security breaches triggered security developers to react with more advanced firewall technology:
- 1998: Evasions researched
- 2009: Native clustering for high availability and performance introduced
- 2012: Software enabled security introduced, making blade technology obsolete.
The first generation firewalls were called Packet Filters. Packet Filter firewalls look at network addresses and ports of the packet and determine if that packet should be allowed or blocked based on rules programmed by humans. If a packet does not match the packet filter’s ruleset, the packet filter will drop or reject the packet, breaking the connection.
The second generation firewalls do stateful packet inspection. According to Wikipedia, second generation firewalls record all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain a connection state as one of their test criteria.
Third-generation firewalls use application layer filtering which can “understand” certain applications and protocols (such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP)). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port or detect if a protocol is being abused in any harmful way.
Pat Calhoun, SVP at McAfee, explained in a Help Net Info article that it was not until 2009 when the fourth generation firewall we know and love began to evolve. In 2009 Gartner published its definition and a paper on “Defining the Next-Generation Firewall. (PDF)” According to its definition, NGFWs are:
…deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.
In its paper, the Gartner authors explain that “Firewalls need to evolve to be more proactive in blocking new threats, such as botnets and targeted attacks.” Mcafee’s Calhoun points out that NGFW discussions started in 2003 but the technology really didn’t get on the right track until Gartner defined it in 2009.
rb-
Future NGFW development efforts need to integrate application control, IPS, and evasion prevention into a single, purpose-built box with enterprise-scale availability and manageability solution.
Back in the day, 2000, I managed a Checkpoint firewall IPSO ver 3.0 on a Nokia appliance (IP300?). The thing was the network had been up and running for 3 years and included over 3,000 devices before the Checkpoint was put in. Can’t get away with that now, a naked PC on the Innertubes will be compromised within minutes to hours, according to those who know that kind of stuff.
The most vivid recollection of setting the thing up was just randomly mashing on the keys to create the first key. Other network guys were amazed because apparently, this was the first firewall many had seen with a GUI to configure the rules.
I also remember learning the hard way that Deny All goes at the bottom of the list, not the top.
Related articles
- Enterprise Firewall Market: Global Forecast to 2019 by Professional Services (mynewsdesk.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
GreatLand will start with $7.8 billion in debt, according to a 
