The relevance and necessity of the firewall have been debated, with varying opinions on the future of the security device.
In the first episode of the SC Studio TV channel, the panellists were asked whether the firewall has become unnecessary. A viewer question argued that firewalls are built around port- and protocol-based attacks, while more and more attacks now arrive over SSL, through URLs and as web-based attacks.
SC editor Paul Fisher asked whether firewalls are becoming irrelevant. Panellist Nick Lowe, regional director for Northern Europe at Check Point, claimed that it ‘gets to the root of where the firewall is in the architecture’.
Lowe said that the questioner was ‘making a very valid point in the sense that a firewall is primarily involved with port control, but if you look at what the hacking community are doing they are not looking at the port that is used as there are thousands of ports out there and every application has different calls and different ports’.
Lowe said: “The way the firewall is emerging is looking at and starting to provide intelligence on how those ports are being used, so for instance it is very simple to set something up on the first initiation of the session, you open that port up and use it for non-legitimate purposes.
“Take an example, something like Sasser, Blaster from a few years ago, you could propagate around. It uses the port, it uses known vulnerabilities inside the systems architecture, but the important thing is to say ‘I'm looking at an information flow and I'm expecting a certain sequence of events’.
“When these events do not occur as you would expect them, then you start deducing with quite a high level of confidence that something is not right and you can take decisions as to whether you shut down or control that, whatever you're going to do with it. The firewall has progressed from purely port control.”
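The sequence-based inspection Lowe describes, as an added example that is not part of the original article and does not represent Check Point's or any other vendor's product: a small Python flow tracker that first applies plain port control and then checks every packet against the event sequence expected for its flow, so data arriving on an open port with no preceding handshake is flagged. The state table, the packet format and the sample traffic are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# A flow is identified by the client side first: (client, client port, server, server port).
FlowKey = Tuple[str, int, str, int]

# Expected order of events in a TCP flow (simplified; an assumption for this example).
# Each state maps the events we are willing to accept next onto the state they lead
# to; any other event is a deviation from the sequence we expect.
EXPECTED_NEXT: Dict[str, Dict[str, str]] = {
    "NEW":          {"SYN": "SYN_SENT"},
    "SYN_SENT":     {"SYN-ACK": "SYN_RECEIVED"},
    "SYN_RECEIVED": {"ACK": "ESTABLISHED"},
    "ESTABLISHED":  {"DATA": "ESTABLISHED", "FIN": "CLOSING"},
    "CLOSING":      {"ACK": "CLOSED"},
}


@dataclass(frozen=True)
class Verdict:
    flow: FlowKey
    event: str
    action: str  # "allow" or "deny"
    reason: str


class StatefulInspector:
    """Combines plain port control with per-flow sequence tracking."""

    def __init__(self, allowed_server_ports):
        self.allowed_server_ports = set(allowed_server_ports)
        self.flows: Dict[FlowKey, str] = {}  # current state of every known flow

    def _resolve_flow(self, pkt) -> FlowKey:
        # Replies travel server -> client, so a packet may match a flow in reverse.
        forward = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if forward in self.flows:
            return forward
        if reverse in self.flows:
            return reverse
        return forward  # first packet seen: treat the sender as the client

    def inspect(self, pkt) -> Verdict:
        key = self._resolve_flow(pkt)
        state = self.flows.get(key, "NEW")
        event = pkt["flag"]

        # Layer 1: port control, the check the panel says firewalls started with.
        # Only the server port of a brand-new flow is consulted.
        if state == "NEW" and key[3] not in self.allowed_server_ports:
            return Verdict(key, event, "deny", f"port {key[3]} not permitted")

        # Layer 2: sequence control. Does this event fit what we expect next?
        next_state = EXPECTED_NEXT.get(state, {}).get(event)
        if next_state is None:
            return Verdict(key, event, "deny", f"unexpected {event} in state {state}")

        self.flows[key] = next_state
        return Verdict(key, event, "allow", f"{state} -> {next_state}")


def inspect_all(packets, allowed_server_ports=(80, 443)) -> List[Verdict]:
    """Run every packet through one inspector and return the verdicts in order."""
    inspector = StatefulInspector(allowed_server_ports)
    return [inspector.inspect(p) for p in packets]


def denied(verdicts: List[Verdict]) -> List[Verdict]:
    return [v for v in verdicts if v.action == "deny"]


def _pkt(src, sport, dst, dport, flag):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flag": flag}


# Constructed sample traffic (not captured from any real network).
SAMPLE_PACKETS = [
    # Flow A: a normal handshake followed by data on an allowed port.
    _pkt("10.0.0.5", 40001, "192.0.2.10", 80, "SYN"),
    _pkt("192.0.2.10", 80, "10.0.0.5", 40001, "SYN-ACK"),
    _pkt("10.0.0.5", 40001, "192.0.2.10", 80, "ACK"),
    _pkt("10.0.0.5", 40001, "192.0.2.10", 80, "DATA"),
    # Flow B: data pushed at an open port with no handshake at all. Pure port
    # control would wave it through; the sequence check does not.
    _pkt("10.0.0.9", 40002, "192.0.2.10", 80, "DATA"),
    # Flow C: a connection attempt to a port the policy does not open.
    _pkt("10.0.0.9", 40003, "192.0.2.10", 445, "SYN"),
]

if __name__ == "__main__":
    for v in inspect_all(SAMPLE_PACKETS):
        print(f"{v.action:5} {v.flow[0]}:{v.flow[1]} -> {v.flow[2]}:{v.flow[3]} "
              f"{v.event:8} {v.reason}")
```

Run as a script, the flow A packets are allowed, the bare DATA segment on port 80 is denied for arriving in state NEW, and the SYN to port 445 is denied by port control alone. The point of the two layers is the one Lowe makes: the port check decides nothing about the second flow, only the expected sequence of events does.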
Simon Langton, head of managed services and operations at Vistorm, claimed that there ‘are attacks against firewalls themselves and attacks against the application infrastructure that the firewalls protect, so there are two distinct disciplines’.
Also on the panel was Martyn Croft, CIO for The Salvation Army UK, who said: “I'd rather be worrying about the few ports and protocols that I know about while keeping the rest at bay, perhaps one of the biggest wake-ups that we all had was the advent of things like SQL Slammer which came through a perfectly legitimate port and wreaked havoc across any network that it could find.”
Lowe further commented: “The targeted attack at the firewall has reached a level, I'm not suggesting you pull it out, but they are now looking at scanning ports, they are looking at the policy, they are looking at weaknesses through the infrastructure for open ports that they can use. They are looking at what sort of traffic is going through those ports and how they can get those packets through your structure into those ports.”
Commenting, Frederic Ponzo, managing director of Net2S, said: “It is like the car industry, before you had one or two choices of a standard model but now there are all different options that give you more sophisticated technology. It is more than a box that sits and protects the ports.
“There are thousands of ports to protect and business flows through about a dozen, so you don't need one enormous ‘mother of all firewalls’ to sit and control everything, you compare between safety and performance and what is relevant to the application.
“The key thing is that firewalls as a big-time security device is not an advantage anymore, each application has its own profile in terms of compliance and the balance of performance and security, the more security there is the less performance, and vice versa.”