This invention relates to internetwork communications and data exchanges, and in particular to the security of information exchange between computer networks to inhibit and detect attempts at vandalism, espionage, sabotage or inadvertent destruction of data.
Computer networks connect multiple computer systems together, allowing them to share information. Initially, the computers were in one, secure location. As the utility of networks grew, it became more and more desirable to connect networks at different locations to allow information to flow between the computer systems at all sites. As the number of computer systems grew beyond the point where each user of the network was well known to all other users, the need for a mechanism to describe and enforce a policy for access, known as a "security policy", became apparent.
Two major techniques developed for security policy enforcement. The first is packet filtering, in which a security policy specifies what types of connections are allowed and permits or denies passage of TCP/IP packets of specific types through a router. The second technique is application filtering, which operates at a higher level, examining the specific transactions that pass through a TCP/IP connection, and allowing them or denying them based on the specific action being attempted, or the identity of the requester.
When combined, these two techniques comprise a firewall, whose purpose is to implement and enforce the security policy of an organization regarding connections between two or more networks. Historically, there have been two major types of firewalls: custom and commercial. A custom firewall is a device or collection of devices designed, purchased, assembled, configured and operated by an organization for the purposes of guarding a network interconnection. A commercial firewall collects many of the components of a custom firewall into a single device, and is sold (and sometimes configured) by a company to make the installation of a firewall easier and more cost effective.
Custom firewalls have many potential drawbacks. For one, because they are designed and constructed by a single organization that may not have extensive experience in the problems of firewall design, they may not account for many known problems. Because they are designed and built for a specific purpose, they are typically very difficult to adapt to new policies. This often requires a significant redesign effort, and additional hardware. Because they are built in a unique manner, each custom firewall requires special software, special training, and special expertise in modifications that does not translate into other firewall installations.
Commercial firewalls are designed to consolidate as many services as possible into a single box. That box is then used as the focus of a customer-specific firewall. Because some services, such as packet filtering, are often done better in routers, commercial firewalls are rarely used by themselves. Additional devices, and a design for their use, is often required, which returns the customer to many of the problems inherent in a custom firewall.
In addition, commercial firewalls are configured by the user, who may be unaware of many of the issues and problems of security policy design. It is estimated that more than 30% of all firewall penetrations happen through a commercial or custom firewall. This is typically because of poorly thought out configuration.
Because much of the functionality of a commercial firewall is concentrated in a single box, these devices also invite other problems. If the device fails, all communication between networks is cut off. There is no ability to gracefully degrade service. If the security of one service of the box is compromised, this can open a path for an attacker to compromise other services and widen their access. Also, the design of the single-box firewall very strongly affects the types of policies available to the customer. If a box is designed primarily as an applications gateway device, it is very difficult to configure it in a firewall that will permit some services to be performed via packet-filtering only.
One problem that is shared by both types of firewalls is that of scalability. Because each type of firewall has strong hardware/software/configuration customizations for each specific customer, managing the firewalls of more than one customer is very difficult. Making significant policy changes in multiple customer firewalls is also extremely difficult.
Because of these scalability problems, it has been quite difficult for a company to offer managed firewall services to many customers, since the scaling problems escalate with each new customer.