A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with application specific granular controls to help them detect application specific attacks. They help detect attacks through application specific protocols such as HTTP, HTTPS, SMTP and so on. It also incorporates various network device filtering functionalities such as an intrusion prevention system (IPS), Web filtering and Email security. They also features functionalities such as centralized management, SSL interception, VPN’s, Virtualized deployment, QoS/bandwidth management, Gateway antivirus and Third-party integration (i.e. Active Directory).
To understand the difference between NGFW & UTMs Please go through the blog titled “UTM vs NGFW – A Single Shade of Gray” in the Blog section.
Key Program Metrics :
Percentage of server application attacks blocked by the firewall. This can be helpful in tweaking the rule-sets to prevent future attacks
# redundant rules :
These are the rules that are masked, completely or partially, by other rules that are either placed higher up in the rule base. they add to the inefficiency and must be detected and removed subsequently
# of exception in rules :
These are the exceptional cases where a rule is created temporarily to cater to the particular business need. care should be taken that all such rules are removed as soon as they are expired.
# rules with permissive services :
Permissive services give more access then is needed to the destination by allowing additional services. The most common examples of this are rules with “ANY ” in the service field. These kind of rules should be minimized
# rules with risky services :
Services such as telnet, ftp, snmp, pop etc. are risky because they usually credentials to be passed in plain text. Any service that exposes sensitive data or allows for shell access should be tightly monitored and controlled.
# rules with no documentation :
Firewall rules should be documented. Rules should be explained in detail, business case is described. Any rule change shall be according to proper change ticket.
# rules with no logging :
Firewall logs are useful for troubleshooting and forensics. It is very imperative that firewall logging hould be enabled and logs are leveraged for proper firewall management
Do let me know if you want us to add or modify above information.
Check out the Next Generation Firewall market within FireCompass to get more information on these markets