The term firewall has been around for a long time and has been written about extensively. Even the author of this whitepaper co-authored an article called “Firewalls Fend Off Invasions From the Net” (payment required) in the February 1998 issue of IEEE Spectrum.
1. a fireproof wall or partition used to impede the progress of a fire, as from one room or compartment to another
2. (Electronics & Computer Science / Computer Science) a computer system that isolates another computer from the Internet in order to prevent unauthorized access
The use of firewall in the second definition has been around since the late 1980s to describe a device that blocks unwanted network traffic while allowing other traffic to pass. The first published description of a “modern” firewall, including use of that name, was in ‘Practical Unix Security’, written in 1990 and published in 1991. The first description of a firewall, although not by that name, was also in 1990, in a paper by Bill Cheswick. A few of the industry pioneers tried to track down the etymology of the word as used in this context. They found several references from the mid-1980s that used the word to describe a damage-limiting device. The earliest use they found that seems to correspond to a security device was by Steve Bellovin, in some email to Phil Karn, in 1987. While the context suggests that Phil knew what Steve meant, Steve doesn’t think he invented it.
Bringing us back to the present day, what is the difference between a traditional firewall, a next-generation firewall, an application-aware firewall, and a web application firewall?
Firewalls allow valid business traffic to flow while keeping out unwelcome visitors. With newer application visibility and control capabilities, next-generation firewalls can limit peer-to-peer file sharing, instant messaging, and malicious traffic, while enabling secure deployment of new business applications for improved manageability. This prevents security leaks and the introduction of threats to the network.
This whitepaper outlines the differences between traditional firewalls, next-generation firewalls, and web application firewalls.
Steve Lodin is a consultant with Pondurance and has been a CISSP since 1998.