Most users trust their systems without reservation; because they are unaware of the risks, they doubt that their data could ever be stolen or fall into the wrong hands.
Firewalls have accompanied the development of networks since the late 1980s. Starting from simple packet filters and passing through stateful firewalls, they have evolved into today's Next Generation Firewalls (NGFW) and Unified Threat Management (UTM) systems.
The breakthrough in the firewall market in recent years has been a large increase in throughput. As a result, firewalls are no longer installed only at the point of contact with the Internet or in segments with small traffic volumes. Firewalls with a capacity of several dozen or several hundred gigabits per second (Gbps) can be placed in the core of many networks, creating another layer of protection for IT resources. At the same time this greatly simplifies security management: instead of many dispersed enforcement points in the access layer (a consequence of the low throughput of earlier devices), inspection can be concentrated in a cluster in the network core.
"By 2020, around 60% of businesses providing online services will suffer heavily because of the lack of solutions and skills of IT teams that would enable them to counteract such threats."
Today firewalls are no longer isolated islands; they have become part of a coherent infrastructure of network security and user management. Traditional devices, which controlled traffic only at the level of open or closed TCP/UDP ports, are being replaced by Next Generation Firewalls, which control traffic at the level of a given user or group through integration with directory services (LDAP, Active Directory, etc.). This removes a problem familiar to many administrators: opening TCP port 80 allowed not only HTTP traffic but also the tunnelling of many applications harmful to the business (e.g. instant messengers or peer-to-peer traffic). It is now possible to choose which applications may run over port 80 and to control who may use a particular application and when (based on user data obtained from directory services). Note that application identification relies on inspecting the traffic itself, not the port number, so for TLS-encrypted flows the firewall can only classify on the visible handshake data (such as the server name) unless TLS inspection is enabled.
Firewalls are also increasingly integrated with NAC (Network Access Control), SSL VPN and IPS systems, acting as the enforcement points for security policy.
If the budget for a security system is limited, UTM (Unified Threat Management) systems are increasingly used. These are devices which, in addition to the firewall function, also offer:
UTM systems are often used by companies with many branches, each with its own Internet access. Their drawback is throughput that is frequently not deterministic: it drops sharply when advanced antivirus scanning and IPS are enabled, so a UTM should be sized using the vendor's figures with those features switched on, not the bare firewall figure.
Intrusion Prevention Systems (IPS) are an indispensable complement to the firewall in protecting key network segments. They are usually more complex to configure and less deterministic in terms of the bandwidth they can sustain.
When selecting and configuring an IPS, bear in mind, among other things, that a well chosen and properly implemented IPS is not only a security device but also a system that helps inventory the network and establish so-called baselines of normal network behaviour. Later, deviations from these baselines make it possible to identify worrying trends and events in the network.
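The difference between port-based and application- and user-aware control, as an added example that is not part of the original article: three constructed flows all arrive on TCP port 80, a legacy "open port 80" rule allows all of them, while the NGFW-style decision first identifies the application from the payload and then applies a per-group policy. The payload signatures, the IP-to-user mapping and the policy table are constructed assumptions standing in for what a real NGFW learns from traffic inspection and from a directory service.

```python
"""Added example, not from the original article: port-based vs
application-aware (NGFW-style) policy decisions.

All sample payloads, users, groups and rules below are constructed
for illustration; nothing here is a real capture or a real product's API.
"""
from dataclasses import dataclass

# Constructed first bytes of three flows, all sent to TCP port 80.
HTTP_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
BITTORRENT_HANDSHAKE = b"\x13BitTorrent protocol" + b"\x00" * 48
TLS_CLIENT_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # TLS record, handshake type

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def identify_application(payload: bytes) -> str:
    """Tiny signature-based application identifier; the port is ignored."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        # Encrypted: without TLS inspection only handshake metadata is visible.
        return "tls"
    return "unknown"


# Constructed stand-ins for data an NGFW obtains from a directory service.
USER_BY_IP = {"10.0.1.10": "alice", "10.0.1.11": "bob"}
GROUPS = {"alice": "marketing", "bob": "developers"}

# Policy evaluated top to bottom: (group, application, action); "*" matches all.
POLICY = [
    ("*", "bittorrent", "deny"),
    ("marketing", "http", "allow"),
    ("developers", "http", "allow"),
    ("developers", "tls", "allow"),
    ("*", "*", "deny"),  # default deny
]


@dataclass
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes


def port_based_decision(flow: Flow) -> str:
    """Legacy rule: 'open TCP 80' allows anything that uses that port."""
    return "allow" if flow.dst_port == 80 else "deny"


def ngfw_decision(flow: Flow) -> str:
    """Identify the application, map the source IP to a user and group,
    then return the first matching policy action."""
    app = identify_application(flow.payload)
    user = USER_BY_IP.get(flow.src_ip, "unknown")
    group = GROUPS.get(user, "unknown")
    for pol_group, pol_app, action in POLICY:
        if pol_group in ("*", group) and pol_app in ("*", app):
            return action
    return "deny"


if __name__ == "__main__":
    flows = [
        Flow("10.0.1.10", 80, HTTP_REQUEST),
        Flow("10.0.1.10", 80, BITTORRENT_HANDSHAKE),
        Flow("10.0.1.10", 80, TLS_CLIENT_HELLO),
        Flow("10.0.1.11", 80, TLS_CLIENT_HELLO),
    ]
    for f in flows:
        print(f.src_ip, identify_application(f.payload),
              "port-based:", port_based_decision(f), "ngfw:", ngfw_decision(f))
```

The example shows the point of the paragraph: the BitTorrent handshake on port 80 is allowed by the port rule and denied by the application rule, and the same TLS flow is allowed for the developers group but denied for marketing.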
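How a baseline of normal behaviour can be built from flow records and later used to flag deviations, as an added example that is not taken from the article. The log format, the flow records and the threshold rule (mean plus three standard deviations, with a floor so that a perfectly stable host still tolerates small changes) are constructed assumptions; a real IPS keeps far richer baselines, but the mechanism is the same.

```python
"""Added example, not from the original article: per-host baseline from
flow records, then detection of deviations from that baseline.

Both logs below are constructed for illustration, not real telemetry.
"""
import re
import statistics
from collections import defaultdict

# Constructed "known good" period used to learn the baseline.
BASELINE_LOG = """\
2024-03-01T09:00:01 src=10.0.1.10 dst=10.0.2.5 dport=443 proto=tcp
2024-03-01T09:00:05 src=10.0.1.10 dst=10.0.2.6 dport=445 proto=tcp
2024-03-01T10:00:02 src=10.0.1.10 dst=10.0.2.5 dport=443 proto=tcp
2024-03-01T11:00:03 src=10.0.1.10 dst=10.0.2.7 dport=443 proto=tcp
2024-03-01T09:00:10 src=10.0.1.11 dst=10.0.2.5 dport=443 proto=tcp
2024-03-01T10:00:11 src=10.0.1.11 dst=10.0.2.5 dport=443 proto=tcp
2024-03-01T11:00:12 src=10.0.1.11 dst=10.0.2.6 dport=445 proto=tcp
"""

# Constructed later period: 10.0.1.11 suddenly sweeps SSH on five hosts.
NEW_LOG = """\
2024-03-02T09:00:01 src=10.0.1.10 dst=10.0.2.5 dport=443 proto=tcp
2024-03-02T09:00:02 src=10.0.1.11 dst=10.0.2.20 dport=22 proto=tcp
2024-03-02T09:00:03 src=10.0.1.11 dst=10.0.2.21 dport=22 proto=tcp
2024-03-02T09:00:04 src=10.0.1.11 dst=10.0.2.22 dport=22 proto=tcp
2024-03-02T09:00:05 src=10.0.1.11 dst=10.0.2.23 dport=22 proto=tcp
2024-03-02T09:00:06 src=10.0.1.11 dst=10.0.2.24 dport=22 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse(log: str) -> list:
    """Parse the constructed flow-log format; unparseable lines are skipped."""
    records = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records


def build_baseline(records: list) -> dict:
    """Per source host: the services it normally uses (an inventory) and the
    mean/stdev of distinct destinations per hour (its normal activity level)."""
    services = defaultdict(set)
    per_hour = defaultdict(lambda: defaultdict(set))
    for r in records:
        services[r["src"]].add((r["proto"], r["dport"]))
        per_hour[r["src"]][r["ts"][:13]].add(r["dst"])  # key = YYYY-MM-DDTHH
    baseline = {}
    for src, hours in per_hour.items():
        counts = [len(dsts) for dsts in hours.values()]
        baseline[src] = {
            "services": services[src],
            "mean": statistics.mean(counts),
            "stdev": statistics.pstdev(counts),
        }
    return baseline


def find_deviations(baseline: dict, records: list, sigma: float = 3.0,
                    floor: float = 1.0) -> list:
    """Return (host, kind, detail) alerts: hosts never seen, services a host
    never used before, and hours with far more destinations than usual."""
    alerts, seen = [], set()
    per_hour = defaultdict(lambda: defaultdict(set))
    for r in records:
        b = baseline.get(r["src"])
        if b is None:
            key = (r["src"], "new_host", "")
        elif (r["proto"], r["dport"]) not in b["services"]:
            key = (r["src"], "new_service", f'{r["proto"]}/{r["dport"]}')
        else:
            key = None
        if key and key not in seen:
            seen.add(key)
            alerts.append(key)
        if b is not None:
            per_hour[r["src"]][r["ts"][:13]].add(r["dst"])
    for src, hours in per_hour.items():
        b = baseline[src]
        # The floor keeps a host with zero variance from alerting on +1 destination.
        threshold = b["mean"] + sigma * max(b["stdev"], floor)
        for hour, dsts in hours.items():
            if len(dsts) > threshold:
                alerts.append((src, "destination_burst",
                               f"{hour}: {len(dsts)} destinations > {threshold:.1f}"))
    return alerts


if __name__ == "__main__":
    for alert in find_deviations(build_baseline(parse(BASELINE_LOG)), parse(NEW_LOG)):
        print(alert)
```

Run stand-alone, the script reports one new service (tcp/22) and one destination burst for 10.0.1.11 and nothing for 10.0.1.10, whose traffic matches its baseline.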
There are two basic technologies for providing such access:
In addition to creating an encrypted and authenticated tunnel, the leading VPN solutions provide a range of features that enhance the usefulness and security of remote access: