The Firewall: Questions abound about its future role in cloud, mobile and SDN environments

Ellen Messmer | July 15, 2014
It's been 20 years since Check Point Software Technologies shipped its first enterprise network firewall, marking the beginning of a mass market for firewalls that has protected millions of networks across the world.

Check Point's FireWall-1, unveiled at NetWorld+Interop in 1994, wasn't the first network firewall, of course. The firewall had begun taking shape with the rise of the Internet. Companies and universities throughout the 1980s and 90s saw the need to block unwanted IP traffic by creating a perimeter gateway barrier however they could. In that era, they sometimes "rolled their own" based on routers or other gear until vendors eventually came to their rescue with firewall products that spared them this unwanted labor.

Marcus Ranum, now chief security officer at Tenable Network Security, is considered the most prominent of the early commercial firewall innovators because he designed the DEC SEAL firewall in 1990, and worked on the Gauntlet firewall and TIS toolkit at Trusted Information Systems. TIS, founded in 1983 by former NSA employee Steve Walker, focused on high-security government customers; the company was sold to Network Associates (which later became McAfee) in 1998. Other early efforts, such as the Raptor firewall, also existed. But it was the launch of Check Point's FireWall-1 that ended up creating the kind of mass market soon joined not just by the big network providers such as Cisco and Juniper, but by a host of other players, such as WatchGuard.

It was Check Point that gained steam while TIS didn't. Ranum mulls why that may have been so: "The proxy firewalls that ruled the technology at the time required some analysis of the application protocol, and the design of a gateway system to parse, process and filter the layer-7 traffic going through the," Ranum points out. "This took time — development time to produce a proxy, and processor time in the firewall's CPU to do the analysis. When the Internet bubble began, Check Point really took off because they didn't do any layer-7 analysis and it was easy to write a rule to let traffic through. New applications were popping up all over the place and Check Point's ability to respond (and their performance story — it's easy to be fast if you don't do much!) made them a much easier sell. They also had Sun and the Sun reseller channel behind them — so they crushed everyone with a combination of being in the right spot and having technology that was fast and offered basic, adequate security."

"Stateful inspection was fast and easy," says Scott Montgomery, CTO at Intel Security, who remembers those days, saying the Gauntlet firewall was relegated to only the most high-security networks.

 
