
International Journal of Scientific & Engineering Research, Volume 11, Issue 1, January 2020, ISSN 2229-5518

A Brief Survey on Next Generation Firewall Systems over Traditional Firewall Systems

Saurav P.J

ABSTRACT

This paper introduces next generation firewall security for all systems and devices. These days security has become a requirement and a need for all data, information and details to be protected. Firewalls are also called the great wall of networks: they protect against heavy anonymous threats, bitcoin heists and so on, and perform packet filtering. Firewalls act as security gateways that examine the ingress and egress traffic between LAN and WAN networks. By default, all firewalls filter traffic and allow it to flow only if it matches a precise rule exception; otherwise all traffic is rejected by an implicit deny-all rule, which is the absolute and final rule of a firewall. Traditional network firewalls cannot be used for the latest IoT devices and home security systems; to overcome the disadvantages of the traditional firewall, next generation firewalls were introduced. This paper gives an empirical study of traditional firewalls and of the latest technology in next generation firewalls (NGFW) and UTM, which bring a new level of security to an unsecured world.

KEYWORDS: Next generation firewall, traditional networks, IPS, IDS, UTM, special NGFW features, types of traditional firewall systems, limitations, similarities and differences between the two firewalls, NGFW management and deployment.

1. INTRODUCTION

A next generation firewall (NGFW) is, as Gartner puts it, a "deep-packet inspection firewall that moves away from port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall". A next-generation firewall is the latest evolution of the firewall: it takes the traditional firewall objectives of packet filtering, network and port translation and stateful inspection, and adds further filtering that includes inspection and prevention of network traffic. The performance of a firewall while executing these functions is important in determining which product an organization should select.

When assessing firewall performance, there are several places from which an organization can obtain values. It could go to the product vendors, ask for the performance figures of their products directly, and try to compare them. One problem arises with this approach: the values the vendors provide might not be an "apples-to-apples" comparison but an "apples-to-oranges" comparison. For example, products might report the number of packets passed through an interface. One product might count packets sent with a low payload, while another may count packets sent with a 64k payload. The results for these two devices would be very different because of these testing methods. This makes comparison of results almost impractical when the values are taken directly from the products.

Another way for an organization to compare firewall performance is to run the testing on its own. First, the organization must figure out how to configure a firewall. It would be inefficient to invent the test cases from scratch, so it is best to find the established requirements for benchmarking a firewall.

As Stewart mentions: "Listing the types of firewalls is almost like listing the taxonomy of the animal kingdom in biology. The variations, models, and versions are numerous. In addition, opinions vary about what is and is not a firewall."

2. FIREWALL DIAGRAM

Figure-1 (courtesy Google): general design of a basic firewall connection with a network.

Saurav P.J, B.E. Computer Science Engineering, Rajalakshmi Engineering College, Thandalam, Chennai, Tamil Nadu, India. E-mail: sauravpj@gmail.com.

IJSER 2020, http://www.ijser.org

It is a simple firewall architecture showing various electronic devices connected across the firewall device using the Internet, as shown in the figure above. A firewall is a software program or a hardware device that filters the information (packets) coming via the Internet to your personal computer. Firewalls decide whether to allow or block network traffic between devices based on rules pre-configured by the firewall administrator.

3. TRADITIONAL FIREWALLS

A traditional firewall is defined as a device that controls the flow of traffic allowed to enter or exit a point within the network. It typically does so using either a "stateless" or a "stateful" method, depending on the type of protocol being used. Traditional firewalls can only track traffic on layers 2-4.

3.1 TYPES OF TRADITIONAL FIREWALLS

3.1.1 PACKET FILTERS

Packet filtering is a firewall technique used to control network access by supervising outgoing and incoming packets and allowing them to pass or halting them based on the source and destination Internet Protocol (IP) addresses, protocols and ports. It is bound by a set of rules.

3.1.2 APPLICATION-LEVEL GATEWAY

An application gateway, otherwise called an application-level gateway (ALG), is a firewall proxy technique that offers network security. It filters incoming node traffic according to certain specifications (conditions), which means that only transmitted network application data is filtered. Such network applications include File Transfer Protocol (FTP), Telnet, Real Time Streaming Protocol (RTSP) and BitTorrent.

3.1.3 CIRCUIT-LEVEL GATEWAY

A circuit-level gateway is a firewall technique that provides User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) connection security and works at the session layer of the OSI network model, beneath the application layer. Unlike application gateways, circuit-level gateways monitor TCP packet handshaking and session fulfilment of firewall rules and policies.

3.2 LIMITATIONS

- A firewall cannot scan every incoming packet for malicious content, so it cannot protect the internal network from virus threats, and internal traffic cannot be handled effectively.
- It does not provide an Intrusion Detection System (IDS).
- It cannot protect against attacks or threats that bypass the firewall.

These limitations should be taken seriously in the next generation firewall (NGFW), in which the security techniques are advanced over traditional firewalls.

4. EVOLUTION OF NEXT GENERATION FIREWALL

Next generation firewalls bring improved detection of encrypted applications and intrusion prevention services. Modern threats such as web-based malware attacks, targeted attacks, application-layer attacks and more have a notable negative effect on the threat landscape.

4.1 UNIFIED THREAT MANAGEMENT FIREWALL (UTM)

UTM is a firewall that focuses on simplicity and ease of use. UTM devices have a limitation: they are not able to detect modern advanced threats, as they are unable to inspect deeply inside the packet and identify threats or malicious content. UTM firewalls bring advanced network security technologies to small and medium businesses and remote offices. Traditional firewalls can only ACCEPT/BLOCK traffic based on IP addresses and ports and offer little protection beyond that.

4.1.1 FEATURES OF UTM

Nearly all unified threat management applications incorporate the same special features. Some applications may also include extra features in order to appeal to certain customers.

- Antivirus
- Antimalware
- Firewall
- Intrusion Prevention

- Virtual private networking (VPN)
- Web filtering

4.1.2 ADVANTAGES OF UTM

- Ease of use.
- Simple technique.
- No complexity.

4.1.3 ADDITIONAL KEY POINTS OF UTM

UTM solutions offer unique benefits to small and medium businesses that are looking to improve their security programs. Because they have the capabilities of many specialized programs contained in a single appliance, UTMs decrease the complexity of a company's security system. Some UTM solutions provide additional benefits for companies in strictly regulated industries. Appliances that use identity-based security to report on user activity, while enabling policy creation based on user identity, meet the requirements of regulatory compliance such as HIPAA, CIPA and GLBA. UTM solutions also help to protect networks against combined threats. These threats consist of various types of malware and attacks that target separate parts of the network at once.

4.2 NEXT GENERATION FIREWALL (NGFW)

A next-generation firewall (NGFW) is a hardware- or software-based network security system that can identify and block sophisticated attacks by applying security policies at the application level as well as at the port and protocol level. A next-generation firewall is an integrated network platform that combines a conventional firewall with other network device filtering functions, for example an application firewall using in-line deep packet inspection (DPI), an intrusion detection system (IDS) and/or an intrusion prevention system (IPS), and various other functions such as website filtering, QoS/bandwidth management, antivirus inspection and third-party integration. If we compare traditional firewall and next generation firewall (NGFW) security-based systems, they have fewer similarities and more differences.

5. INTRUSION DETECTION SYSTEM AND INTRUSION PREVENTION SYSTEM

5.1 IDS

Intrusion, in lay terms, is unwanted or unauthorized interference, and because it is unwanted or unauthorized it normally comes with bad intentions. The intention of the intrusion is to gather information linked to the organization, such as the structure of the internal networks or the software systems (operating systems, tools/utilities or software applications) used by the organization, and then establish connections to the internal network and carry out attacks.

An Intrusion Detection System (IDS) is a software/hardware combination that detects intrusions into a system or network. An IDS complements a firewall by providing a comprehensive inspection of both the packet's header and its contents, thus safeguarding against attacks that would not otherwise be identified by a firewall.

Figure-2 (courtesy Google): example of an IDS and its importance.

5.2 IPS

An Intrusion Prevention System (IPS) is a network security/threat prevention technology that analyses network traffic flows to detect and prevent vulnerability exploits. These exploits normally come in the form of malicious inputs to a target application or service that attackers use to take over control of, and interfere with, a machine or an application. The IPS works in the same zone of the network as a firewall system, between the outside world and the internal network. The IPS is much more aggressive: it rejects network traffic, based on a security profile, if a packet matches a known security threat.

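The difference between a passive IDS and an inline IPS described in sections 5.1 and 5.2, as an added example that is not code from the paper: a signature matcher that inspects both the packet header (destination port) and the payload, and that only reports when run as an IDS but drops the packet and blocks the source address when run as an IPS. The packets and the two signatures are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed example, not code from the paper: signature matching over both the packet
# header and its payload (deep inspection), run as a passive IDS or as an inline IPS.
@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

@dataclass
class Signature:
    name: str
    pattern: re.Pattern              # searched in the payload
    dport: Optional[int] = None      # optional header constraint

# Constructed illustrative signatures (a real rule set is far larger and vendor-maintained)
SIGNATURES = [
    Signature("http-path-traversal", re.compile(rb"\.\./\.\./"), dport=80),
    Signature("sqli-union-select", re.compile(rb"(?i)union\s+select")),
]

class Inspector:
    """inline=False behaves as an IDS (report only); inline=True as an IPS (drop and block)."""
    def __init__(self, inline: bool) -> None:
        self.inline = inline
        self.alerts: List[str] = []          # alarms sent to the administrator
        self.blocked_sources: Set[str] = set()

    def match(self, p: Packet) -> Optional[Signature]:
        for sig in SIGNATURES:
            if (sig.dport is None or sig.dport == p.dport) and sig.pattern.search(p.payload):
                return sig
        return None

    def process(self, p: Packet) -> str:
        """Return the verdict for one packet: 'forward' or 'drop'."""
        if p.src in self.blocked_sources:
            return "drop"                    # source address already blocked by the IPS
        sig = self.match(p)
        if sig is None:
            return "forward"
        self.alerts.append(f"{sig.name} from {p.src} to {p.dst}:{p.dport}")
        if not self.inline:
            return "forward"                 # IDS sits off the path: it can only report
        self.blocked_sources.add(p.src)      # IPS: block further traffic from the source
        return "drop"                        # and drop the offending packet
```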
Where the Intrusion Detection System (IDS), its predecessor, is a passive system that scans traffic and reports back on threats, the IPS is positioned so that it sits in the direct communication path between source and destination, actively examining all traffic flows that enter the network and taking automated actions on them.

5.2.1 IPS FUNCTIONS

- Sending an alarm to the administrator.
- Dropping the anonymous packets.
- Blocking traffic that comes from the source address.

Figure-3 (courtesy Google): example of an IPS and its importance.

6. NGFW FEATURES

- Static packet filtering, which screens packets at the interface to a network.
- Stateful inspection or dynamic packet filtering, which checks each connection on each interface of the firewall for authenticity.
- Network address translation for re-mapping the IP addresses contained in packet headers.
- Virtual private network (VPN) support, which extends the security features of a private network across the segment of a connection that crosses the web or another open network.
- Non-disruptive, in-line, bump-in-the-wire (BITW) deployment, in which a stealth firewall lives inside the subnet so that it can filter traffic between hosts.

6.1 NGFW NETWORK VISIBILITY

- Threat activity across users, hosts, networks and devices.
- Visibility of where and when a threat originated, where else it has been across your extended network, and what it is doing now.
- Active applications and websites.
- Communications between virtual machines, file transfers, etc.

6.2 NGFW FLEXIBLE MANAGEMENT AND DEPLOYMENT OPTIONS

- Management for every use case: choose from an on-box manager or centralized management across all appliances.
- Deploy on-premises or in the cloud via a virtual firewall.
- Customize with features that meet your needs: simply turn on subscriptions to get advanced capabilities.
- Choose from a wide range of throughput speeds.

6.3 ADVANTAGES OF NGFW

- Application recognition.
- Stateful inspection.
- Integrated Intrusion Prevention System (IPS).
- Bridged and routed approaches.
- Utilization of external intelligence sources.

7. SIMILARITIES AND DIFFERENCES BETWEEN THESE TWO FIREWALL SYSTEMS

7.1 SIMILARITIES

The threat detection system is well advanced for more security purposes. This firewall has more capabilities for analysing threats. Some features are visibility-driven, threat-focused, etc.

- It packs traditional firewall functionality with intrusion prevention, antivirus and protocol filtering.
- It scans content to avoid data leakage and stops threats with detailed, real-time traffic inspection.
- It immediately responds to attacks.
- Improved detection of evasive or suspicious activity.
- Reduced complexity.

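The static packet filtering and stateful inspection listed under section 6 (introduced as the stateless and stateful methods of sections 3 and 3.1.1), as an added example that is not code from the paper: a rule-based filter ending in the implicit deny-all rule from the abstract, and a stateful wrapper that admits the return traffic of accepted connections without needing a rule of its own. The policy and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed example, not code from the paper: static (stateless) packet filtering with the
# implicit deny-all final rule, and the connection tracking that stateful inspection adds.
@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN marks the start of a new connection
@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR networks; the defaults match anything
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

def stateless_filter(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny-all."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"                # the absolute and final rule of every firewall

class StatefulFilter:
    """Remembers accepted connections so their return traffic needs no rule of its own."""
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[Tuple[str, int, str, int, str]] = set()   # tracked 5-tuples

    def decide(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.table:
            return "allow"       # reply half of a connection we already accepted
        if p.proto == "tcp" and not p.syn:
            return "deny"        # TCP packet belonging to no tracked connection
        verdict = stateless_filter(self.rules, p)
        if verdict == "allow":
            self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict

# Constructed policy: LAN may open HTTPS, Telnet from the LAN is explicitly denied,
# everything else (including any inbound connection attempt) meets the implicit deny.
POLICY = [Rule("allow", src="192.168.1.0/24", proto="tcp", dport=443),
          Rule("deny", src="192.168.1.0/24", proto="tcp", dport=23)]
```

The stateless filter would need a second, inbound rule to let the server's reply through, which is exactly the gap that stateful inspection closes.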
7.2 DIFFERENCES

Next generation firewall systems have extensive control and visibility of the applications they can identify using analysis and signature matching. They can use whitelists, or a signature-based IPS, to distinguish between safe applications and unwanted ones, which are then detected using SSL decryption. Further distinguishing features are:

- An integrated signature-based intrusion prevention system (IPS), which identifies different kinds of attacks to filter and gives a brief report.
- The ability to integrate information from outside the firewall, including directory-based policies, whitelists and blacklists.
- Identification of applications using predefined application signatures, payload examination and header inspection. Network security policies are enforced at the application level, since the security components are broken down into the areas abused by malicious content.

These are some similarities and differences between next generation firewall (NGFW) and traditional firewall systems.

8. CONCLUSION

This paper gives a brief study of next generation firewall systems over traditional firewall systems. Internal structures and systems have been explained clearly. Advantages and other special features, as well as the similarities and differences between these two firewalls, have also been pointed out unambiguously. Deep Packet Inspection, together with the integration of Intrusion Detection (IDS) and Intrusion Prevention (IPS), provides capabilities that traditional firewall technology can nowhere reach. It is the best network security system that can be used to block and quarantine attacks/threats according to the security policies. Going forward there will be successive progress in network technology and advancement, which in turn will have the capability to detect and block advanced threats and attacks.

