Firewalls can be an excellent security mechanism for establishing a relatively secure barrier between a system and external threats or intruders. The inability of enterprises to select, implement and configure new and existing defenses remains the most emblematic network security challenge.
Challenges in current Firewall technology:
1. Packet filter firewalls take a back seat because of ineffective control and because their configured logging capabilities fall short of organizational needs
2. Creating and updating packet filtering rules is prone to logic errors and, thus, to integrity threats
3. A paucity of remote administration facilities makes packet filter firewalls the easiest to defeat
4. Clients need to be aware of the application-specific custom proxy that the firewall runs on their behalf
5. Proxy mechanism is potentially costly and time-consuming
6. Proxy gateway firewalls lack application understanding.
Next Generation Firewalls
A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level. NGFWs detect application-specific attacks and so catch more malicious activity than more traditional firewalls. They blend the features of a standard firewall with quality-of-service functionality in order to provide smarter and deeper inspection. These newer devices are application-aware: the firewall itself monitors traffic from layers 2 through 7 and scrutinizes what type of traffic is being sent and received. To remove the complexity that comes with multiple vendors, next-gen firewall deployments should standardize on a single firewall platform to minimize configuration errors, save money and apply resources to other network security technologies.