When the internet had just been invented, perimeter firewalls were considered “enough” to protect a work site’s data and network. However, in the modern world of IoT and smartphone devices they no longer provide the security they once did. Every work site has to make choices about how to deal with the internet.
In simple terms, a perimeter firewall forms a barrier between the public internet and the private network. Imagine a perimeter firewall as a defensive gateway for your enterprise – it can effectively control internal and external traffic, while disallowing unauthorized access. Now, though, network attacks and intrusions are a much more serious issue than they were in 1995. Perimeter firewalls are often called “first-generation firewalls”.
There are four different types of 2nd-generation firewall:
1. Packet-filtering: Packet-filtering firewalls are the most similar to first-generation firewalls, with basic packet-filtering functions that make them easy and cheap to build and deploy. Their biggest disadvantages are a lack of verification ability and limited, inflexible security.
2. Stateful: The stateful firewall is essentially a highly sophisticated packet filter, able to filter all packets via dynamic packet filtering. It’s capable of individually tracking the session of every network connection going through it. Most modern firewalls now offer some degree of stateful inspection, as it works well in combination with other technologies.
3. Proxy server: A proxy server firewall uses the proxy server as a checkpoint. User applications must contact the proxy server and reach the destination machine through it, rather than connecting directly to the real destination. One advantage of proxy server firewalls is that internal IP addresses are conveniently hidden.
4. Hybrid: Hybrid firewalls combine the other types of protection mentioned here. Though versatile, even when used together these types of 2nd-generation firewall are unable to stop new threats or prevent malware from spreading within the network.
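To make the difference between items 1 and 2 concrete, the following added example (not from the original article and not EdgeFire code) runs the same constructed packets through a static packet filter and a session-tracking filter. The rule set, the Packet fields, the sample addresses, and the simplification that a reset closes a session immediately are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed packets; addresses come from private/documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def stateless_allow(p):
    """Static rules: all outbound; inbound only if the source port is 443."""
    if not p.inbound:
        return True
    return p.sport == 443  # no memory of whether a request was ever sent

class StatefulFilter:
    """Remembers sessions opened from inside; admits only their replies."""
    def __init__(self):
        self.sessions = set()

    def allow(self, p):
        if not p.inbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if "S" in p.flags:      # outbound SYN opens a session
                self.sessions.add(key)
            if "R" in p.flags:      # simplification: RST closes it at once
                self.sessions.discard(key)
            return True
        # Inbound traffic must be the mirror image of a tracked session.
        return (p.dst, p.dport, p.src, p.sport) in self.sessions

SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),  # client opens HTTPS
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),  # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.5", 3389, "S", True),    # unsolicited, source port 443
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "R", False),  # client resets session
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A", True),   # late packet after close
]

def compare(packets):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] "
              f"stateless={'ALLOW' if sl else 'DROP'} "
              f"stateful={'ALLOW' if sf else 'DROP'}")
```

The static rule admits every inbound packet in the sample because it can only look at header fields, while the session-tracking filter drops the two that do not belong to a live connection.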
In the modern threat landscape, where malware can be carried into your work site in someone’s phone, laptop, or USB thumb drive, perimeter firewalls do nothing to prevent an enterprise network from being a staging ground for vicious malware. Only a third-generation firewall, usually called ‘next-generation’, can provide the necessary support – for example, deep packet inspection, cloud-updated threat intelligence, and intrusion prevention.
Our own next-generation firewall EdgeFire also streamlines the process of setting up network segmentation. Malware or intruders within the system will find their visibility shut down while yours is extended and monitoring is streamlined. Moreover, attempts to spread, move laterally, or even gather basic intelligence within the network are made much more difficult! This is why network segmentation rapidly became the industrial standard after its invention.
Learn more about EdgeFire’s defensive advantages, of which there are many more, here.