Next-generation firewalls (NGFW): Checklists
Firewalls have been around for years, but the technology keeps evolving as the threat landscape changes. Here are some tips about what to look for in a next-generation firewall (NGFW) that will satisfy business needs today and into the future.
Next-generation firewalls (NGFWs) are at the core of an enterprise security strategy. The best ones incorporate policy enforcement for applications, user control, intrusion prevention, deep packet inspection, sandboxing and threat intelligence feeds. Adding more and more components, however, means there is more to manage and update, and an unnecessarily complex system can reduce your operational efficiency.
1. Trusted Security Environment:
Generally, the more you pay, the more features the product offers and the broader the range of use cases it covers, so buyers must decide which product is right for them based on the level of protection they need. Next-gen firewalls already have the necessary security infrastructure components built in, including:
- Anti-virus protection
- Spam filtering
- Deep packet inspection
- Application filtering
- IPS/IDS
- DoS & DDoS protection
- URL filtering
- Anti-Phishing
- Anti-spyware
- DLP
- NAC & VPN
Whichever brand you select, confirm that the firewall is ICSA certified, the industry standard for packet inspection.
2. Application Awareness:
A next-generation firewall must be able to identify, allow, block or limit applications regardless of port, protocol and so on. Traditional port-based firewalls only give you limited control over, and visibility into, the applications and end users accessing your network.
Obviously, you don’t want everyone accessing applications like YouTube or Facebook; however, what about your marketing team, or teachers who are streaming a video for a specific lesson? With the right firewall in place, you can apply policies to specific end users, allowing access to those whose jobs require the applications in question. Different end users can have different policies applied that prohibit them from accessing certain applications.
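To make the difference between port-based and application-aware policy concrete, here is an added example (not code from any firewall vendor) that evaluates the same constructed flows against both rule styles. The application name in each flow stands in for the NGFW's own application-identification result; the user groups and app names are constructed for illustration.

```python
"""Port-based vs application-aware policy evaluation (added example)."""
from dataclasses import dataclass, field

@dataclass
class Rule:
    action: str                                # "allow" or "deny"
    apps: set = field(default_factory=set)     # empty set = any application
    groups: set = field(default_factory=set)   # empty set = any user group
    ports: set = field(default_factory=set)    # empty set = any port

    def matches(self, flow):
        return ((not self.apps or flow["app"] in self.apps)
                and (not self.groups or flow["group"] in self.groups)
                and (not self.ports or flow["port"] in self.ports))

def evaluate(rules, flow, default="deny"):
    """First matching rule wins; otherwise the implicit default applies."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default

# Legacy port-based policy: "web" is simply TCP/80 and TCP/443, so any
# application tunnelled over 443 is allowed and nothing else is visible.
PORT_BASED = [Rule("allow", ports={80, 443})]

# Application-aware policy: streaming apps are allowed only for the groups
# with a business need (the marketing team and teachers from the text);
# everyone else keeps ordinary web browsing. Rule order matters.
APP_AWARE = [
    Rule("allow", apps={"youtube", "facebook"}, groups={"marketing", "teachers"}),
    Rule("deny", apps={"youtube", "facebook"}),
    Rule("allow", apps={"web-browsing"}),
]

# Constructed sample flows; the NGFW identifies YouTube on any port.
FLOWS = [
    {"user": "alice", "group": "marketing", "app": "youtube", "port": 443},
    {"user": "bob", "group": "finance", "app": "youtube", "port": 443},
    {"user": "carol", "group": "finance", "app": "youtube", "port": 8443},
    {"user": "dave", "group": "finance", "app": "web-browsing", "port": 443},
]

def compare(flows=FLOWS):
    """Return {user: (port_based_verdict, app_aware_verdict)} per flow."""
    return {f["user"]: (evaluate(PORT_BASED, f), evaluate(APP_AWARE, f))
            for f in flows}

if __name__ == "__main__":
    for user, (legacy, ngfw) in compare().items():
        print(f"{user:6} port-based={legacy:5} app-aware={ngfw}")
```

Note that the port-based policy waves bob's YouTube session through because it rides on 443, while the application-aware policy denies it but still allows alice's identical traffic because of her group.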
3. Approachability:
Many firewall models deliver tight security and offer GUI-friendly administration. A good GUI helps prevent installation mistakes, makes it easier to diagnose and correct failures, and simplifies training staff and implementing changes, upgrades and replacements. The easier a platform is to administer, the easier it will be to troubleshoot and maintain.
4. Deep packet inspection (DPI):
This capability ensures the various pieces of each packet are thoroughly examined to identify malformed packets, errors, known attacks and any other anomalies. DPI can rapidly identify and then block Trojans, viruses, spam, intrusion attempts and any other violations of normal protocol communications.
5. VPN support:
A good firewall also establishes and monitors secure channels, enabling remote connectivity. To secure encrypted traffic, the next-generation firewall should support inbound and outbound SSL decryption. Look for a firewall that supports both SSL- and IPsec-protected VPN connections from similar devices (for point-to-point or site-to-site VPNs), as well as other secure connections.
6. Capacity & Throughput:
Ensure that the device has the appropriate number of Ethernet ports at the appropriate speeds (10Mbps/100Mbps and/or 1000Mbps, if necessary), and that the firewall you select and/or maintain has the CPU capacity necessary to perform packet inspection, gateway security services and routing functions.
7. Failover:
Some organizations require WAN failover, or redundant Internet connections with automatic fault detection and correction. Many firewall models don’t have support for automatic failover. If that feature is critical to your organization, confirm that the model you select includes seamless failover; don’t assume high-end firewalls include such functionality by default.
Never ever trust firewall performance stats
Understanding how a NGFW performs requires more than looking at a vendor’s specification or running a bit of traffic through it. Most firewalls will perform well when traffic loads are light. It’s important to see how a firewall responds at scale, particularly when encryption is turned on. Roughly 80% of traffic is encrypted today, and the ability to maintain performance levels with high volumes of encrypted traffic is critical.
Also, be sure to turn on all major functions – including application and user identification, IPS, anti-malware, URL filtering and logging – during testing to see how a firewall will hold up in a production setting. Firewall vendors often tout a single performance number that’s achieved with core features turned off.
Important metrics to look at include application throughput, connections per second, maximum sessions for both IPv4 and IPv6, and SSL performance.
We @layots are ready to help your organisation select the right network firewall device, the one that best matches the customer’s requirements.