Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Next Generation Firewalls: What's coming?
Special Forums Cybersecurity IT Security RSS Next Generation Firewalls: What's coming? Post 302416726 by Linux Bot on Tuesday 27th of April 2010 02:30:03 PM
Old 04-27-2010
Next Generation Firewalls: What's coming?
I joined some seminars, conferences, read some articles and studies about ongoing developments of new firewall technologies and I would like to mention my thoughts about it. Some of those technologies are already on the market but they're starting to be accepted by.

Features:
The next generation firewalls will:
  • Have superior performance (up to 100Gbps);
  • Be deployed on more complex network traffic (MPLS, VPLS);
  • Recognize applications (P2P, Video, Productivity, Web, IM, Skype, Games, etc, even "encrypted/obfuscated ones") for control purposes;
  • Be part of complete security Ecosystems (FW, IPS, Anti-Spam, Anti-Malware, Parental Control, VPN, DPI, Lawful Interception) on a single Blade system;
  • Support Denial of Service attacks detection and mitigation on a cleaning center architecture rather than a simple blind shape;
  • Handle on-line traffic scanning for threat detection with zero delay;
  • Understand traffic patterns and build a intelligent filtering network rather than simple allow/deny rules;
  • Allow more "user oriented rules"than ip oriented rules;
As network threats evolve, I understand that our protection mechanisms can not remain the same and for firewalls we do not see a "slips forward" for a time.

I see this "all-in-one" features or "Ecosystem" as a natural evolution of the existing UTM devices. Makes investment cheaper. Management and troubleshooting easier. And are greener than the actual approach to combine multiple security devices to protect a network.

I'm excited with the possibility to evaluate one of those devices. This shall happen soon.

I'll post the tests results here in the future.

A good point here is that the security market is moving forward and for me, it's pointing to the right direction.

Regards

Image
Image

More...
 

6 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Linux Firewalls

I've been considering switching my companies production firewall from FreeBSD and OpenBSD to Linux. The reason being is having so many different flavors of Unix on our production network from FreeBSD, OpenBSD, Solaris, and Linux makes things more difficult to manage from a standardized... (2 Replies)
Discussion started by: mstevenson
2 Replies

2. IP Networking

Halted Firewalls by Mike Murray

Secure packet filtering on high-bandwidths fw/rtr for large business tasks. Has anyone tried this concept on openbsd? The article is posted at www.sysadminmag.com on page 27. January 2002 issue. I believe Mike has hit upon something that can be applied in the field today and prevent fw... (0 Replies)
Discussion started by: dpatel
0 Replies

3. Cybersecurity

firewalls and proxys

what can I use to find out whether a computer has a firewall or proxy??? What can I use do erase it? (5 Replies)
Discussion started by: Phatress
5 Replies

4. UNIX for Dummies Questions & Answers

Firewalls and other security measures...

One day, while using my PC with Windows XP, my router just stopped working. So, for the ability to connect to the web at that moment, I connected directly to the cable modem without my router. I noticed immediately that people were trying to hack into my computer because my personal firewall would... (2 Replies)
Discussion started by: Minnesota Red
2 Replies

5. UNIX for Advanced & Expert Users

Firewalls

Hi, I was doing abit of reading on firewalls when this question came up. Is there any command which sets up a firewall that will only allow packets through if they come from a port number less than 1024? How about a command which allows packets through if they are destined for a port... (3 Replies)
Discussion started by: sleepster
3 Replies

6. Cybersecurity

Firewalls and cryptography

As we know, firewall is designed to keep unauthorized outsiders from tampering with a computer system or network. We don't talk about computer security without cryptography. In this case, may I know,How does cryptographic protection (at the TCP/IP layers or at the application layer) affect a... (1 Reply)
Discussion started by: heroine
1 Replies

LEARN ABOUT DEBIAN

renaissance

RENAISSANCE(7)						 Miscellaneous Information Manual					    RENAISSANCE(7)

NAME

       renaissance - GNUstep Development Framework

SYNOPSIS

       renaissance

DESCRIPTION

       This  manual page documents briefly the renaissance development framework.  This manual page was written for the Debian distribution (based
       on the program's README file) because the original program does not have a manual page.

       renaissance is a GNUstep develoment framework which runs on top of the GNUstep libraries.  It also works on top of the Apple Mac OS X Cocoa
       libraries, providing an opaque layer to write portable applications.

       GNUstep Renaissance allows you to describe your user interface in simple and intuitive XML files, using an open, standard format describing
       the logic of the interface.  At run-time, GNUstep Renaissance will then generate the user interfaces (using the native  host  OpenStep-like
       libraries) by reading the XML files.  The connections between the objects created from the XML files, and the other objects in the applica-
       tion are done via outlets (as traditionally in OpenStep); a new quick and intuitive syntax has been developed to make creating  outlets	as
       easy as possible.

       GNUstep Renaissance contains quite a few new ideas over previous technologies.  Some of the main end-user advantages of GNUstep Renaissance
       over previous OpenStep-inspired technologies for the same task are:

	- Portability.	User interfaces built using GNUstep Renaissance are
	truly portable.  They simply run without any change on any
	OpenStep-based platform on which Renaissance has been ported
	(currently, at least on both GNUstep and Apple Mac OS X).

	- Open, simple and standard format.  User interfaces built using
	GNUstep Renaissance are saved into open, simple files which can be
	edited and read on any platform using any text editor.	The XML
	format has been designed to be as easy to edit as possible.  We will
	have a specific graphical builder for GNUstep Renaissance, which will
	make editing directly the XML files a rare operation; still, it's a
	great advantage to be able to actually edit and inspect them directly
	whenever needed.  Your user interfaces will no longer be locked in
	binary files which can only be edited using a specific
	platform-specific application; you will be able to compare different
	versions of the same user interface using diff and cvs diff (you
	can't get any meaningful comparison with binary formats); and your
	user interfaces will be finally stored in a readable format, which
	you can read even from a terminal, making your program easier to
	check.	The format is so nice that I expect many hard hackers will
	keep creating user interfaces directly in XML even when a graphical
	editor is available!

	- Easy localization.  User interfaces built using GNUstep Renaissance
	are much easier to translate than in all previous technologies.  You
	no longer need to create a new separate interface for the new
	language: you can just provide the translation of the strings in a
	.strings file, and GNUstep Renaissance will automatically replace
	every string in the existing interface with the corresponding
	translation.  Previous technologies can't do this because they don't
	support automatic sizing and layout of widgets.

	- Themeability.  Themes are a problem for traditional OpenStep-like
	technologies, because a change in theme changes all the widgets
	appearances and sizes.	User interfaces built using GNUstep
	Renaissance can survive easily a change in theme, since all sizing
	and layout of widgets is done dynamically at runtime.  Previous
	technologies can't, and you would need to create a different user
	interface for each different theme.

       Renaissance is composed of the following blocks:

	- AutoLayout: a collection of autolayout objects (h/v boxes, grids,
	spaces, ...), providing automated runtime widget layout, similar to
	what you find in most other toolkits on the market ... similar, but
	better :-) The missing piece of the AppKit.  Depends on gnustep-gui.

	- Markup: an xml parsing/generating engine.  Depends on gnustep-base.

	- TagLibrary: a standard set of tag objects for use by the xml
	parsing/generating engine in order to read/write gui windows, menus,
	panels, etc.  Depends on the previous parts: AutoLayout and Markup.

       Renaissance was written by Nicola Pero <n.pero@mi.flashnet.it> and is part of the GNUstep project (http://www.gnustep.org).

       GNUstep Renaissance home page is at http://www.gnustep.it/Renaissance.

AUTHOR

       This manual page was written by Brent A. Fulgham <bfulgham@debian.org>, for the Debian project (but may be used by others).

GNUstep 							 February 6, 2004						    RENAISSANCE(7)
All times are GMT -4. The time now is 02:18 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy