Firewalls Expand from the Perimeter to Virtual Machines and Web Apps


The narrative in the security sector is that the onslaught of attacks over the past few years forced a proactive tightening of the perimeter. Firewalls are a main tool in this effort. Now, the thinking is, the bad guys have turned their attention from frontal assaults to initiatives that don't depend on storming the gates as much as finding clever ways around them.


That doesn't mean, however, that firewalls are yesterday's news. It is important to continue to guard the perimeter -- lest security efforts lag and such exploits reemerge, like outbreaks of a disease that was generally thought eradicated. Moreover, new types of firewalls that work at the application layer and in virtualized environments also are emerging.


Earlier this month, Cisco introduced the ASA 5580, a firewall appliance (as opposed to a software-based system) designed for large enterprises with many locations. According to this internetnews.com story, the ASA 5580 supports both IP Security and Secure Socket Layer Virtual Private Networks (IPSec and SSL VPN). That's a fancy way of saying that it offers two options for enabling remote people -- in another office or on the road -- to communicate securely with databases and access applications. The ASA 5580, which will be available in March, is aimed at big businesses: Cisco says it can handle 2 million simultaneous policies.


IT Jungle does a good job of tracing the movement of the focal point from the perimeter to applications. Until several years ago, attacks on Web sites were mostly done for fun or validation by hackers. Now, there is too much money on the Web for anybody to have fun. It's a deadly serious business, and the bad guys are acting accordingly. Conceptually, the answer is to write applications that are inherently secure. Code is better, experts say, but far from perfect.


Thus, Web application firewalls (WAFs) are a key tool. The challenge of creating them is that each application is different and can be attacked in different ways. The piece describes Breach's approach, which focuses not on the details of each application, but on monitoring for, and reacting to, behavior that is likely to represent hacking activity.


Firewalls, it turns out, are a broadly defined category. There are network firewalls, application firewalls and, as described in this article, virtual network firewalls. Virtualized systems use a single hardware platform to run multiple operating systems side by side. Experts have raised yellow flags for a few months now: these systems are considered to be security liabilities.


This is especially true, according to this IT World Canada story, when the applications in a single virtualized environment communicate with each other. The heart of the piece is a look at several vendors of virtualization security products identified by Gartner. The introduction to the list specifically mentions host-based (within the virtual machine) firewalls, but the list itself seems to be somewhat broader. The products are German firm Astaro's Security Gateway; Blue Lane's VirtualShield; Reflex Security's Virtual Security Appliance; and V-Agent from Catbird. Products are expected from StoneSoft (from Finland), StillSecure and McAfee.


Jeremiah Grossman, a well-known expert in the Web site vulnerability assessment sector, discusses WAFs. He says the category has been around for a long time and has neither flourished nor disappeared. The reason, he thinks, is that the basic idea -- being able to protect applications without changing their actual code -- is compelling. However, detractors say WAFs don't do what is promised and are difficult to use. Grossman's conclusion is that WAFs are not a "silver bullet" -- nothing is -- but are a necessary weapon in security staffs' arsenals.