Rick Howard
You're listening to the CyberWire network, powered by N2K.
Nyla Genoi
And now a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now you can go to wwpass.com cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that.
Rick Howard
The word is: next generation firewall.
Spelled: next as in forthcoming, generation as in version, and firewall as in barrier.
Definition: A layer 7 security orchestration platform deployed at the boundary between internal workloads, data storage, and untrusted sources that blocks incoming and outgoing network traffic with rules that tie applications to the authenticated user and provides most of the traditional security stack functions in one device or software application.
Example sentence: As either hardware devices or as software applications, next generation firewalls allow the security practitioner to logically segment the network and orchestrate the security policy across all data islands, data centers, office space, SaaS applications, and hybrid cloud deployments.
Origin and context: Who gets credit for inventing the firewall is one of the great Internet spats between some of our founding fathers in the security community. As with most technological advancements, though, the origination of the idea hardly ever comes from the work of one person working in the garage by themselves, as Walter Isaacson describes in his book The Innovators, published in 2014. Most times these lone geniuses sample the previous work of other researchers, devise the next step, and then work with other collaborators who can do the things they can't do to bring the creation to life. This is also true for the invention and evolution of the firewall as an idea. The firewall began in the 1980s at the Digital Equipment Corporation, or DEC for short, with their Screen D technology. By 1992, Marcus Ranum led the effort at DEC to launch the DEC SEAL commercial product based on the open source Gauntlet firewall.
Soon after, at AT&T Bell Labs, Bill Cheswick and Steve Bellovin, in an effort not to prevent bad guys from getting in but to prevent data from getting out, flipped the firewall rule structure from allowing everything in and denying by exception to denying everything and allowing only by exception. In 1994, Marcus Ranum, along with Wei Xu and Peter Churchyard, released the first proxy firewall, the first firewall to block traffic based on applications. But by the mid-1990s Check Point had become the dominant firewall vendor with their version of a stateful inspection firewall, a relatively easy to configure device compared to the competition that allowed blocking rules based on IP addresses, ports and protocols. A young Nir Zuk was the lead developer of that new product. In 1999, Zuk left Check Point to start his own company in the United States, OneSecure, and to develop a deep packet inspection firewall, the harbinger of the next generation firewall. Juniper bought OneSecure in 2004 and Zuk left the next year in 2005 to found Palo Alto Networks. By 2007, Palo Alto Networks had released the first next generation firewall and their competitors followed their lead soon after. By 2010, firewall vendors started releasing security stack subscription services delivered from the firewall designed to replace the traditional serialized hardware security stack like intrusion prevention and malware analysis. This innovation turned the next generation firewall into a security orchestration platform and a hybrid SaaS product that could do stateful inspection, application layer blocking and a range of other traditional security stack functionality. As of 2020, the Gartner Magic Quadrant lists next generation firewall leaders as Palo Alto Networks, Fortinet and Check Point; challengers as Cisco, Juniper and Huawei; and visionaries as Forcepoint and Sophos. All of them are application firewalls that sell security stack subscriptions.
In an interview with Katie Taylor at Tag Cyber in February 2021, Marcus Ranum, the lead developer of the Gauntlet firewall in 1992 and one of the creative forces behind DEC's proxy firewall in 1994, gave his typical terse response to the question of whether or not he should be considered the grandfather of the firewall idea.
Marcus Ranum
Probably everybody who's watching at least knows of you. They should. You're probably most well known for being an inventor of the firewall. I know you grimace a little bit at being called the grandfather of the firewall, but a lot of people think of you that way.
Rick Howard
Well, I've had a lot of grandparents, but yeah, I was one of them. Spoken like a man who is totally over one of the early Internet spats in our cybersecurity history. Word Notes is written by Nyla Genoi, executive produced by Peter Kilpe, and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.
Hacking Humans: Next Generation Firewall (Word Notes) Hosted by N2K Networks | Release Date: October 29, 2024
Overview
In this episode of Hacking Humans, N2K Networks delves into the intricacies of Next Generation Firewalls (NGFWs), exploring their evolution, functionality, and the pivotal figures who shaped their development. The discussion provides a comprehensive understanding of how NGFWs have transformed cybersecurity measures, offering enhanced protection against sophisticated cyber threats.
1. Defining the Next Generation Firewall
Rick Howard opens the episode by clarifying the term "Next Generation Firewall." He emphasizes that "next" signifies the forthcoming or evolved version of traditional firewalls. An NGFW is described as a layer 7 security orchestration platform positioned at the boundary between internal workloads, data storage, and untrusted sources. Its primary function is to block incoming and outgoing network traffic based on rules that link applications to authenticated users. This device or software consolidates most traditional security stack functions into a single entity.
2. Historical Evolution of Firewalls
The episode traces the origins of firewalls back to the 1980s at Digital Equipment Corporation (DEC) with their Screen D technology. By 1992, Marcus Ranum spearheaded the launch of the DEC SEAL commercial product, built upon the open-source Gauntlet firewall. This period marked significant advancements in firewall technology, primarily driven by collaborative efforts rather than solitary innovators.
3. Rise of Dominant Firewall Vendors
By the mid-1990s, Check Point emerged as the leading firewall vendor with their stateful inspection firewall. This technology simplified configuration by allowing blocking rules based on IP addresses, ports, and protocols. Nir Zuk, the lead developer, played a crucial role in this advancement. In 1999, Zuk departed Check Point to establish OneSecure, focusing on deep packet inspection firewalls, the precursor to NGFWs. OneSecure was later acquired by Juniper in 2004, and Zuk founded Palo Alto Networks in 2005, which released the first NGFW by 2007. This innovation prompted competitors to develop similar technologies, solidifying the NGFW market.
4. Transformation into Security Orchestration Platforms
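By 2010, firewall vendors began integrating security stack subscription services into their devices, transitioning NGFWs into comprehensive security orchestration platforms. These platforms offered stateful inspection, application layer blocking, and a range of other traditional security stack functionality.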
This evolution allowed NGFWs to replace traditional serialized hardware security stacks, providing a unified solution for intrusion prevention, malware analysis, and other security functions.
5. Current Leaders in the Next Generation Firewall Market
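As of 2020, the Gartner Magic Quadrant recognizes several key players in the NGFW space: Palo Alto Networks, Fortinet, and Check Point as leaders; Cisco, Juniper, and Huawei as challengers; and Forcepoint and Sophos as visionaries.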
These companies offer application firewalls supplemented with security stack subscriptions, maintaining their positions through continuous innovation and comprehensive security solutions.
6. Insights from Industry Pioneers
In a noteworthy segment, Marcus Ranum, a seminal figure in firewall development, reflects on his contributions. During an interview with Katie Taylor at Tag Cyber in February 2021, Ranum responds to being dubbed the "grandfather of the firewall." He acknowledges his role with a touch of humility:
Marcus Ranum [05:32]: "Probably everybody who's watching at least knows of you. They should. You're probably most well known for being an inventor of the firewall. I know you grimace a little bit at being called the grandfather of the firewall, but a lot of people think of you that way."
This quote underscores the collaborative nature of technological advancements and Ranum's pivotal role in shaping modern firewall technology.
Conclusion
The episode provides an in-depth exploration of Next Generation Firewalls, highlighting their definition, historical development, key contributors, and current market leaders. By tracing the evolution from early firewall technologies to today's sophisticated NGFWs, listeners gain a comprehensive understanding of how these security platforms safeguard modern digital infrastructures against evolving cyber threats.