8/3/2019 Testing Firewalls
1/16
Evaluating Firewalls in
the 21st Century
Joel Snyder
Opus One
TechTarget
Feeling that rip-and-replace
urge on your old firewall?
While You Were Out
Firewalls Have Been Rocking and Rolling
Enterprise Firewall
Application Firewall
Tip #1
Pay No Attention To The Buzzword
Remember:
No One Wants A Quarter-Inch Drill Bit!
You don't want a UTM or an NGFW or a WSG or an MFA or
You're not buying a buzzword, you're solving a problem
Tip #2
Whatever It Is, It Has To Be A Firewall, First.
Every Enterprise Firewall Should Have
- Firewall policies (SIP/DIP/DP/Proto + Allow/Block)
- NAT (Network Address Translation)
- Site-to-site VPN using IPSec
- Basic CoS/QoS bandwidth management features
- Enterprise Network Integration: VLANs, link aggregation
- High Availability
- Speed
You Should Also Look For
- Dynamic routing with OSPF and/or BGP
- IPv6 Support
- Global management
Evaluation Hint
Old Firewalls Probably Do This Pretty Well
The Old Guard
- Astaro (Sophos)
- Check Point
- Cisco
- Fortinet
- Juniper
- Secure Computing (McAfee)
- SonicWALL
- Stonesoft
- WatchGuard
The New Guys
- 3COM/H3C (HP)
- Palo Alto
- Phion (Barracuda)
- Sourcefire
Tip #3
Short-list Your Threat Mitigation Features
Things That Turned Out To Be A Good Idea (Winning Features)
- Anti-Malware
- Intrusion Prevention
- URL Filtering
Things Someone Thought Would Be A Good Idea (Not-so-Winning Features)
- Anti-Spam
- DLP/Content Filtering
- DDoS Blocking
Evaluation Hint
It's not Efficacy; it's Problem Solving
Intrusion Prevention
- Efficacy Hint: firewall IPS is not as good as dedicated IPS
- IPS: Differentiate between clients and servers? Manage dynamic profiles (e.g., high priority)
URL Filtering
- Efficacy Hint: We all know that this only works most of the time
- Filtering: Differentiate users by group? By interface? Different policies?
Anti-Malware
- Efficacy Hint: Firewalls can help, but end-point protection is the most important defense
- A/M: Does it cover the protocols you care about? HTTP? What else?
Tip #4
Next Generation is about Widening the Tuple
Before:
After:
Application and Authentication are two possibilities.
NGFW vendors are still trying to figure out what we want!
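Tip #2's classic match fields (SIP/DIP/DP/Proto + Allow/Block) and the two extra fields this slide names, application and authenticated user, as an added example that is not from the original deck. The field names, addresses, application labels and group names are assumptions made up for illustration; the cases list is the kind of expected-verdict table a "test your policy" evaluation would check.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"  # wildcard: the rule does not care about this field

@dataclass(frozen=True)
class Flow:                    # one observed connection
    sip: str
    dip: str
    dport: int
    proto: str
    app: str = "unknown"       # label from application identification (assumed)
    group: str = "unauth"      # authenticated user's group (assumed)

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "block"
    sip: str = ANY             # CIDR or ANY
    dip: str = ANY
    dport: object = ANY
    proto: str = ANY
    app: str = ANY             # widened field
    group: str = ANY           # widened field

def _in(cidr, addr):
    return cidr == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def matches(r, f):
    exact = all(getattr(r, k) in (ANY, getattr(f, k))
                for k in ("dport", "proto", "app", "group"))
    return exact and _in(r.sip, f.sip) and _in(r.dip, f.dip)

def verdict(policy, flow):
    """First matching rule wins; no match means block (default deny)."""
    return next((r.action for r in policy if matches(r, flow)), "block")

def failed_cases(policy, cases):
    """(flow, expected, got) for every case where the policy disagrees."""
    return [(f, want, verdict(policy, f)) for f, want in cases
            if verdict(policy, f) != want]

# Constructed sample data: addresses, app labels and group names are made up.
CLASSIC = [Rule("allow", sip="10.1.0.0/16", dport=443, proto="tcp")]
WIDENED = [Rule("block", app="peer-to-peer"),
           Rule("allow", sip="10.1.0.0/16", dport=443, proto="tcp", group="staff")]
CASES = [
    (Flow("10.1.2.3", "198.51.100.7", 443, "tcp", "web-browsing", "staff"), "allow"),
    (Flow("10.1.2.3", "198.51.100.9", 443, "tcp", "peer-to-peer", "staff"), "block"),
    (Flow("10.1.2.4", "198.51.100.7", 443, "tcp", "web-browsing", "unauth"), "block"),
]
```

The classic policy cannot express two of the three expected verdicts because all three flows share the same port and protocol; the widened policy satisfies all of them.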
Evaluation Hint
Divide VISIBILITY from CONTROL
Visibility
- Crack the traffic open (SSL Decryption)
- Identify the Traffic
Control
- Control the Traffic
Visibility is so much more important in NGFW/Application Control because you must match vocabularies!
Tip #5
SSL Decryption is a Must
Before
After
Evaluation Hint
Speeds and Feeds! Speeds and Feeds!
Does it work?
Can the firewall actually decrypt SSL traffic
- on all ports?
- normal SSL?
- Connect (Proxy)?
- STARTTLS (SMTP)?
Is it fast?
When the firewall is decrypting SSL traffic, how fast does it go?
Remember:
Application Control (NGFW) is a User Protective feature, and only user traffic will be affected!
Tip #6
Application Identification Is Hard
That's Facebook, right?
Wait, is there chatting? Or not?
Is the status being updated?
Or is that Mail?
Evaluation Hint
Build Your Policy and Test Your Policy
Efficacy Testing Considered Harmful
Your Word of the Day
Sisyphean
Actual Testing Actually Useful
I don't care about 1314 applications. I just want to block Peer-to-Peer
Firewall Testing:
Same as it Ever Was, Only Different
Six Tips to Success
1: You're not buying a buzzword, you're solving a problem.
2: Firewalls still need to be firewalls, only faster
3: Threat mitigation isn't a question of efficacy, but of meeting your needs (and check performance!)
4: Visibility into applications is important for next generation features
5: Bite the bullet on SSL Decryption (and check performance!)
6: Application Identification is not a race to get the biggest numbers