Benutzer:Nargat/NGFW

Vorlage:Short description

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).^[1]

Next-generation firewall vs. traditional firewall

NGFWs include the typical functions of traditional firewalls such as packet filtering,^[2] network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.

NGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls.^[3] NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.^[4]

Evolution of next-generation firewalls

Vorlage:Unsourced Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.

Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But blocking a web application that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.

Protection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.

NGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network.

See also

• Network security
• Unified threat management

Further reading

• How to build your next-generation firewall at home

References

[[:Category:Computer security]] [[:Category:Computer network security]]

• 2021-05-01 12:18 (UTC) . . BlueSingularity (→‎Evolution of next-generation firewalls: Fixed grammar)
• 2020-11-13 02:46 (UTC) . . Maxeto0910 (Added short description.)
• 2020-10-12 01:52 (UTC) . . Dexbot (Bot: Aligning section names with w:en:MOS:SECTIONS)
• 2020-10-11 18:17 (UTC) . . 2001:7D0:833A:7880:619F:B5B8:39DB:4903 (→‎Further Reading:)
• 2020-10-11 18:13 (UTC) . . 2001:7D0:833A:7880:619F:B5B8:39DB:4903
• 2020-09-14 16:26 (UTC) . . MrOllie (Reverted 1 edit by Itirupati (talk): Rv blog)
• 2020-09-14 16:13 (UTC) . . Itirupati (→‎References:)
• 2020-04-11 14:39 (UTC) . . GermanJoe (Undid revision 950312803 by Royaal (talk) unsourced indiscriminate examples, not a trade magazine)
• 2020-04-11 11:50 (UTC) . . Royaal
• 2020-01-14 01:57 (UTC) . . 86.142.196.189 (non word)
• 2019-10-15 17:20 (UTC) . . MrOllie (Reverted 1 edit by Osigate alan (talk) to last revision by GermanJoe (TW))
• 2019-10-15 17:18 (UTC) . . Osigate alan (→‎References:)
• 2019-08-22 09:23 (UTC) . . GermanJoe (→‎Next-generation firewall vs. traditional firewall: rmv - not an independent reliable source)
• 2019-08-22 09:18 (UTC) . . GermanJoe (→‎Evolution of next-generation firewalls: upd - better tag)
• 2019-08-22 09:13 (UTC) . . GermanJoe (rmv - namedropping, unnecessary maintenance tag (not overly promotional, although some PoV and WP:TONE issues remain))
• 2019-08-22 09:10 (UTC) . . GermanJoe (rmv - blatant spam, "See also" is not a laundry list for providers and products)
• 2019-08-22 08:35 (UTC) . . Gebruiker tvb (→‎See also:)
• 2018-12-21 18:45 (UTC) . . Didgeri (→‎See also:)
• 2018-12-06 12:44 (UTC) . . 193.110.49.10 (Juniper Networks added as a company related to NGFW development)
• 2018-11-02 21:16 (UTC) . . 209.234.172.46 (→‎See also:)
• 2018-10-26 10:11 (UTC) . . Shellwood (Reverted edits by 123.231.23.12 (talk) (HG) (3.4.4))
• 2018-10-26 10:10 (UTC) . . 123.231.23.12
• 2018-10-11 06:50 (UTC) . . 204.9.108.46 (→‎See also:)
• 2018-10-03 19:32 (UTC) . . 212.42.204.130 (→‎See also:)
• 2018-09-17 22:10 (UTC) . . 4.78.245.197 (→‎See also:)
• 2018-07-17 16:08 (UTC) . . 2001:420:C0C4:1001:0:0:0:1AA (→‎See also:)
• 2018-07-17 16:07 (UTC) . . 2001:420:C0C4:1001:0:0:0:1AA (→‎See also:)
• 2018-07-04 15:45 (UTC) . . Mwus
• 2018-07-04 15:44 (UTC) . . Mwus (Undid revision 848823449 by Mwus (talk))
• 2018-07-04 15:43 (UTC) . . Mwus
• 2018-07-04 15:41 (UTC) . . Mwus (→‎See also:)
• 2018-07-04 15:39 (UTC) . . Mwus (→‎See also:)
• 2018-07-04 15:37 (UTC) . . Mwus (→‎See also:)
• 2018-06-27 18:51 (UTC) . . 216.221.228.6 (→‎See also:)
• 2018-06-20 08:27 (UTC) . . 2A01:CB00:503:6E00:451F:5E31:FBC3:649B (→‎See also:)
• 2018-06-20 08:26 (UTC) . . 2A01:CB00:503:6E00:451F:5E31:FBC3:649B (→‎See also:)
• 2018-06-20 02:19 (UTC) . . Nurg (Nurg moved page w:en:Next-Generation Firewall to w:en:Next-generation firewall: sentence case - not a proper name)
• 2018-06-20 02:19 (UTC) . . Nurg (c/e)
• 2018-05-30 19:34 (UTC) . . 41.140.152.21 (→‎See also:)
• 2018-05-30 19:33 (UTC) . . 41.140.152.21 (I've added Forcepoint NGFW for broader and deep technical overview of forcepoint NGFW)
• 2018-02-24 01:42 (UTC) . . 208.91.114.1 (→‎See also:)
• 2018-02-20 23:24 (UTC) . . 96.5.129.18 (removed useless section that also had no citations)
• 2017-12-20 08:09 (UTC) . . Namnatulco (Remove the section on "why this is totally the future, written by company that works on this" -- the removed text is talking about the future prediction of the source it cites. That source is biased.)
• 2017-11-07 21:04 (UTC) . . 179.49.44.110
• 2017-11-07 21:01 (UTC) . . 179.49.44.110
• 2017-11-07 21:01 (UTC) . . 179.49.44.110
• 2017-11-07 21:00 (UTC) . . 179.49.44.110
• 2017-10-02 10:53 (UTC) . . Nolio (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2017-10-02 10:52 (UTC) . . Nolio (→‎Evolution of Next-Generation Firewalls:)
• 2017-10-02 07:56 (UTC) . . 112.134.177.187
• 2017-08-28 13:52 (UTC) . . 196.15.224.34
• 2017-08-28 13:52 (UTC) . . 196.15.224.34
• 2017-08-07 05:17 (UTC) . . AnomieBOT (Dating maintenance tags: {{Advertisement}}})
• 2017-08-07 03:16 (UTC) . . 2601:18D:8A01:3430:C0C6:2DDE:BAAB:2168
• 2017-07-18 12:26 (UTC) . . 89.202.186.242 (→‎Why future of Security will be Context-Based ?:)
• 2017-02-09 02:25 (UTC) . . BG19bot (→‎Why future of Security will be Context-Based ?:w:en:WP:CHECKWIKI error fix for #16. Remove invisible Unicode characters. Do general fixes if a problem exists. -, replaced: →)
• 2017-01-15 14:33 (UTC) . . 120.62.14.144 (Added why context-based is the future of security)
• 2017-01-11 15:19 (UTC) . . Kku (link w:en:virtual private network using Find link)
• 2016-12-19 11:30 (UTC) . . 194.209.66.94 (→‎Evolution of Next-Generation Firewalls:)
• 2016-10-30 11:50 (UTC) . . 213.106.165.104
• 2016-10-12 14:51 (UTC) . . Aaron.lancaster (Added context and additional WP links)
• 2016-07-26 11:26 (UTC) . . AnomieBOT (Dating maintenance tags: {{Citation needed}}})
• 2016-07-26 09:26 (UTC) . . Seba5tien (Full article cleanup, removed buzzwords, ensured prose meets MoS standards)
• 2016-07-26 09:19 (UTC) . . Seba5tien (Removing copyrighted content, copied and pasted from online source. Confirmed this content as copied from article with CopyVio detector.)
• 2016-06-14 14:25 (UTC) . . 217.6.16.202 (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2016-06-14 14:24 (UTC) . . 217.6.16.202 (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2016-06-14 14:23 (UTC) . . 217.6.16.202 (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2016-06-14 14:22 (UTC) . . 217.6.16.202 (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2016-02-28 01:30 (UTC) . . 106.129.47.37 (Link)
• 2015-10-15 21:20 (UTC) . . Nuujinn (Added {{[[:w:en:Template:copypaste|copypaste]]}}} tag to article (TW))
• 2015-09-09 19:12 (UTC) . . 89.15.181.116 (→‎Bolt-on security solutions ineffective:)
• 2015-07-28 13:35 (UTC) . . 105.158.40.13 (→‎Bolt-on security solutions ineffective:Sjwnwh)
• 2015-07-27 09:45 (UTC) . . 203.101.89.226 (→‎See also:)
• 2015-07-27 09:44 (UTC) . . 203.101.89.226 (→‎See also:)
• 2015-07-27 09:44 (UTC) . . 203.101.89.226 (→‎See also:)
• 2015-07-27 09:40 (UTC) . . 203.101.89.226 (→‎Evolution of Next-Generation Firewalls:)
• 2015-03-31 15:28 (UTC) . . 111.93.93.138
• 2015-01-16 09:36 (UTC) . . Yobot (→‎Next-Generation Firewall vs. Traditional Firewall:w:en:WP:CHECKWIKI error fixes using AWB (10770))
• 2015-01-07 10:20 (UTC) . . Ozwon (Less biased statements for first half of article)
• 2014-11-07 22:01 (UTC) . . Lousyd (→‎Evolution of Next-Generation Firewalls:)
• 2014-11-07 21:59 (UTC) . . Lousyd (→‎Evolution of Next-Generation Firewalls:)
• 2014-10-16 16:53 (UTC) . . Technojoe (Added inline tagging for specific cleanup needed.)
• 2014-07-08 18:48 (UTC) . . 161.69.67.20 (→‎Next-Generation Firewall vs. Traditional Firewall:)
• 2014-04-19 03:23 (UTC) . . 50.246.99.246 (add wikilinks)
• 2014-04-03 06:45 (UTC) . . BG19bot (w:en:WP:CHECKWIKI error fix for #61. Punctuation goes before References. Do general fixes if a problem exists. - using AWB (9991))
• 2014-04-02 13:46 (UTC) . . Tutelary (Added {{[[:w:en:Template:expert-subject|expert-subject]]}}} tag to article (TW))
• 2014-04-02 13:28 (UTC) . . Pete Mahen
• 2014-04-02 13:27 (UTC) . . Pete Mahen (→‎Next-Generation Firewall V/S Traditional Firewall:)
• 2014-04-02 13:25 (UTC) . . Pete Mahen
• 2014-04-02 13:23 (UTC) . . Pete Mahen (→‎Next-Generation Firewall V/S Traditional Firewall:)
• 2014-04-02 13:22 (UTC) . . Pete Mahen
• 2014-04-02 13:21 (UTC) . . Pete Mahen
• 2014-04-02 13:17 (UTC) . . Tutelary (→‎External links: Omitted section due to w:en:WP:ELNO. Was also not relevant to topic at hand.)
• 2014-04-02 13:17 (UTC) . . Pete Mahen
• 2014-04-02 13:16 (UTC) . . Tutelary (Added tags to the page using Page Curation (refimprove, expert))
• 2014-04-02 13:13 (UTC) . . Pete Mahen (←Created page with 'A Next-Generation Firewall is an integrated network platform that consists of in-line deep packet inspection (DPI) firewall, Intrusion Prevention System, Applica...')