Sometimes it seems that malware and other dangers on the Internet advance even faster than the Internet’s benefits and new applications. Keeping pace with those threats is one of the primary functions of a firewall. Selecting the right firewall for your cybersecurity needs is critical, and so is knowing the difference between a traditional firewall and a next generation firewall. The name “firewall” comes from a construction term for an impregnable barrier within a structure, intended to slow or stop a fire from reaching crucial areas, not unlike an airlock in a submarine or a spacecraft.
A firewall, traditional or next generation, filters the information entering and leaving a network. Traditional firewalls come in two kinds: stateless and stateful. A stateless firewall inspects every single packet that passes it, in either direction, on its own, against a prescribed set of rules, with no memory of the packets that came before. A stateful firewall checks the packets too, but also tracks where each one sits in the life of its connection: opening, in active use, or closing. Either way, a traditional firewall is inherently limited to assessing OSI layers two through four (data link, network and transport).
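The difference between the two kinds of traditional firewall is easiest to see with the same packets run through both. The following is an added example, not code from the article: a small Python simulation in which a stateless rule set and a stateful connection table judge a constructed TCP exchange. The packet fields, the simplified flags and the sample addresses (RFC 5737 documentation ranges) are all constructed for illustration; a real firewall works on IP and TCP headers rather than on these tuples.

```python
"""Stateless vs. stateful filtering of the same packet sequence (added example)."""
from __future__ import annotations

from dataclasses import dataclass

WEB_PORTS = (80, 443)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "out" = leaving the protected network, "in" = entering it
    flags: str       # simplified TCP flags: "SYN", "SYN-ACK", "ACK" or "FIN"


def stateless_allow(pkt: Packet) -> bool:
    """Stateless filtering: each packet is judged alone, against fixed rules."""
    # Rule 1: inside hosts may talk to web ports.
    if pkt.direction == "out" and pkt.dport in WEB_PORTS:
        return True
    # Rule 2: replies have to get back in somehow. With no memory of what was
    # sent, the only option is to admit any inbound packet whose source port
    # looks like a web server. Anyone can choose a source port, so this is a hole.
    if pkt.direction == "in" and pkt.sport in WEB_PORTS:
        return True
    return False


class StatefulFilter:
    """Stateful filtering: packets are judged by where their connection is in
    its lifetime (opening, established, closing)."""

    def __init__(self) -> None:
        self.table: dict[tuple, str] = {}   # connection key -> state

    @staticmethod
    def _key(pkt: Packet) -> tuple:
        # Both directions of one connection map to the same key:
        # (inside host, inside port, outside host, outside port).
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def allow(self, pkt: Packet) -> bool:
        key = self._key(pkt)
        state = self.table.get(key)
        if state is None:
            # Only the inside may open a connection, only to web ports, and only
            # with a SYN. An unsolicited inbound packet is dropped no matter
            # which source port it claims.
            if pkt.direction == "out" and pkt.flags == "SYN" and pkt.dport in WEB_PORTS:
                self.table[key] = "OPENING"
                return True
            return False
        if state == "OPENING":
            # The only legitimate next step is the server's SYN-ACK.
            if pkt.direction == "in" and pkt.flags == "SYN-ACK":
                self.table[key] = "ESTABLISHED"
                return True
            return False
        # ESTABLISHED: traffic in either direction belongs to a known connection.
        if pkt.flags == "FIN":
            del self.table[key]   # end of life: later packets need a fresh SYN
        return True


def compare(packets: list[Packet]) -> list[tuple[bool, bool]]:
    """Run one packet sequence through both filters and return the
    (stateless verdict, stateful verdict) pair for each packet."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]


# Constructed sample traffic (RFC 5737 documentation addresses).
INSIDE, WEB, OUTSIDER = "192.0.2.10", "198.51.100.20", "203.0.113.30"
SAMPLE = [
    Packet(INSIDE, 40000, WEB, 443, "out", "SYN"),      # inside host opens HTTPS
    Packet(WEB, 443, INSIDE, 40000, "in", "SYN-ACK"),   # server replies
    Packet(INSIDE, 40000, WEB, 443, "out", "ACK"),      # handshake completes
    Packet(OUTSIDER, 443, INSIDE, 22, "in", "ACK"),     # unsolicited probe, source port 443
    Packet(WEB, 443, INSIDE, 40000, "in", "FIN"),       # server closes the connection
    Packet(WEB, 443, INSIDE, 40000, "in", "ACK"),       # stray packet after the close
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.direction:>3} {pkt.flags:<7} {pkt.src}:{pkt.sport} -> "
              f"{pkt.dst}:{pkt.dport}  stateless={stateless}  stateful={stateful}")
```

The fourth and sixth packets are the ones to watch: the stateless rule set admits both, because each looks like a web reply on its own, while the stateful table drops them, because no connection they could belong to is open.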
Next Generation Firewalls (NGFW)
NGFW improve on traditional firewalls (TFW) in many ways. The first addresses a major limitation of the TFW: NGFW inspect layers two through seven, up to the application layer, which gives the administrator far more granular control over policy. Another major difference is application awareness. Instead of relying on preset links between applications and port numbers, the NGFW makes no such assumption and examines all traffic to identify the application itself. This closes a major loophole that had allowed some malware to slip through by using an unexpected port. NGFW also identify the data differently from TFW, tying traffic to users and groups through Active Directory or LDAP; earlier firewalls made it challenging or impossible to distinguish one user’s permissions and access from another’s. NGFW further include a fully integrated intrusion prevention system (IPS), where TFW relied on a discrete appliance. Finally, NGFW can run in either bridged (also known as transparent) or routed mode, so they can be deployed alongside sites that still use TFW.
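Application awareness and user identity are the two NGFW properties that change policy decisions most, and a short simulation shows why. The following is an added example, not code from the article or from any firewall vendor: the same constructed flows are classified once by destination port (the traditional assumption) and once by the first bytes the client actually sent, and each classification is then run through a policy keyed by user group rather than by port. The `DIRECTORY` table is a stand-in for an Active Directory or LDAP lookup, the protocol signatures are deliberately minimal, and all addresses, users and payloads are constructed.

```python
"""Port-based vs. application-aware policy with user identity (added example)."""
from __future__ import annotations

from collections.abc import Callable
from dataclasses import dataclass

# The traditional assumption: a port number tells you the application.
PORT_TO_APP = {80: "http", 443: "tls", 22: "ssh"}

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

# Stand-in for an Active Directory / LDAP query: who is logged on at each address.
DIRECTORY = {
    "192.0.2.10": ("alice", "developers"),
    "192.0.2.11": ("bob", "contractors"),
}

# Policy expressed per group and application, not per port.
POLICY = {
    "developers": {"http", "tls", "ssh"},
    "contractors": {"http", "tls"},
}


@dataclass(frozen=True)
class Flow:
    src: str
    dport: int
    payload: bytes   # first bytes the client sent on the connection


def app_by_port(flow: Flow) -> str:
    """Traditional classification: trust the destination port."""
    return PORT_TO_APP.get(flow.dport, "unknown")


def app_by_content(flow: Flow) -> str:
    """Application-aware classification: look at what was actually sent."""
    p = flow.payload
    if p.startswith(b"SSH-2.0-"):
        return "ssh"                          # SSH version banner
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01:
        return "tls"                          # TLS handshake record carrying a ClientHello
    first_line = p.split(b"\r\n", 1)[0]
    parts = first_line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        return "http"                         # HTTP request line
    return "unknown"


def decide(flow: Flow, classify: Callable[[Flow], str]) -> tuple[str, str, bool]:
    """Return (user, application, allowed) for one flow under one classifier."""
    user, group = DIRECTORY.get(flow.src, ("unknown", "unknown"))
    app = classify(flow)
    return user, app, app in POLICY.get(group, set())


def evaluate(flows: list[Flow]) -> dict[str, list[tuple[str, str, bool]]]:
    """Decide every flow under both classifiers."""
    return {
        "port": [decide(f, app_by_port) for f in flows],
        "content": [decide(f, app_by_content) for f in flows],
    }


# Constructed sample flows. The TLS bytes are a trimmed, synthetic ClientHello header.
TLS_HELLO = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + b"\x00" * 16
SAMPLE = [
    Flow("192.0.2.10", 443, TLS_HELLO),                                    # alice, HTTPS
    Flow("192.0.2.11", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # bob, HTTP
    Flow("192.0.2.11", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),                    # bob, SSH on port 443
    Flow("192.0.2.11", 8080, b"GET /app HTTP/1.1\r\nHost: intranet\r\n\r\n"),  # bob, HTTP on 8080
]

if __name__ == "__main__":
    results = evaluate(SAMPLE)
    for i, flow in enumerate(SAMPLE):
        (_, app_p, ok_p), (user, app_c, ok_c) = results["port"][i], results["content"][i]
        print(f"{user:<6} dport={flow.dport:<5} by-port: {app_p:<8} {'allow' if ok_p else 'deny':<6} "
              f"by-content: {app_c:<8} {'allow' if ok_c else 'deny'}")
```

The third flow is the loophole the text describes: judged by port it is TLS and passes, judged by content it is SSH, which bob's group is not permitted. The fourth flow shows the other side of the same limitation: port-based classification cannot place ordinary HTTP on an unusual port, so it denies legitimate traffic that the content-based classifier identifies correctly.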
What about Web Application Firewalls?
Despite sharing the name, a web application firewall (WAF) serves an entirely different purpose from a traditional firewall or an NGFW. A WAF is used to keep coding errors in a web application from becoming critical or disrupting services. It does no monitoring of traffic or packets, incoming or outgoing; it neither prevents nor detects malware, and it cannot limit which sites users visit, whether for safety or propriety. Unless you know specifically that you need a WAF, having one does not increase the general or specific protection of your physical or cloud-based server.