Next Generation Firewalls: It’s all about tuples

By Michael Kassner
November 28, 2011, 11:23 AM PST

Takeaway: Next-generation firewalls have been around for several years, but garnered little interest. That’s changing as first-generation firewalls aren’t keeping up.

IT professionals responsible for perimeter defenses are frustrated.

Case in point: Internet traffic of all shapes and sizes traverses port 80. Meaning, port 80 must remain open. Bad guys know this. So port 80 becomes their private malware highway. And trucks, full of malcode, drive right past the checkpoint.

There is hope

I’d like to introduce Next Generation Firewalls (NGFW): firewalls designed to filter packets based on applications. To continue my analogy, the trucks loaded with malcode can’t drive right past the checkpoint anymore.

Other features incorporated in NGFWs:

  • Enforce company regulations: NGFWs are able to control user access to websites and online applications as required.
  • SSL Proxy: NGFWs are able to decrypt, inspect, and re-establish the encrypted SSL connection. This eliminates encryption as a method of hiding malware.
  • IDS/IPS: NGFWs have incorporated deep packet inspection, to the point where standalone IDS/IPS devices are not required.
  • Active-Directory friendly: Many NGFWs are able to authorize application usage based upon individual user profiles or groups.
  • Malware filtering: NGFWs provide signature and reputation-based filtering to block malicious applications that have a bad reputation.


Vendors

Palo Alto Networks was the first company to offer an NGFW. For information about NGFW requirements per Palo Alto Networks, please check out this white paper (above slide). Barracuda Networks, Juniper Networks, and WatchGuard also offer NGFW solutions.

N-tuple?

Just about every blog post I’ve read about NGFWs mentioned tuples. I had no idea what they were. Hopefully, you do. If not, here’s what I found out.

An N-tuple is a collection of attributes. In the case of firewalls, these attributes are used to define access requirements. N is a placeholder representing the number of attributes in the list. For example, a 5-tuple “firewall allow rule” might include:

  • Source IP address
  • Source port (typically: any)
  • Destination IP address
  • Destination port (80 or 443)
  • Destination protocol (typically TCP)

So, if the packet being inspected has all of the correct attributes, the firewall will allow it to pass.

Widening the 5-tuple

I thought I was “good to go” after figuring out what a tuple was. Then I read something about “widening the 5-tuple”. Widen a tuple. Does that even make sense?

Let’s see if it does.

As mentioned earlier, a first-generation firewall rule employs a collection of 5 attributes or 5-tuple. That is sufficient to carry out stateful port and protocol inspection, Network Address Translation, and Virtual Private Network technology.

A 5-tuple rule set is not sufficient for NGFWs. Next Generation Firewalls need additional attributes such as application type and user identity in order to work as advertised. To understand why, consider the port 80 analogy, one last time.

If it’s discovered that the truck carrying malcode has an illegal license plate, the truck ain’t going anywhere. The same applies to malcode. If its license plate — “application type” attribute — is incorrect, the malcode is blocked from continuing on.

The additional attributes or tuples are “widening the 5-tuple”.
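
The difference between a 5-tuple rule and a widened rule, as an added example that is not part of the original article. The `app` and `user_group` field names and the sample flows are constructed for illustration, and the application label is assumed to come from the firewall's own traffic classification.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    # Classic 5-tuple; None means "any"
    src_net: Optional[str]
    src_port: Optional[int]
    dst_net: Optional[str]
    dst_port: Optional[int]
    protocol: Optional[str]
    # Widened attributes (hypothetical names); None means "not checked"
    app: Optional[str] = None
    user_group: Optional[str] = None

def _field_ok(want, have, is_net=False):
    """A rule field matches if it is a wildcard or equals/contains the flow value."""
    if want is None:
        return True
    if is_net:
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return want == have

def rule_matches(rule, flow):
    return (_field_ok(rule.src_net, flow["src_ip"], True)
            and _field_ok(rule.src_port, flow["src_port"])
            and _field_ok(rule.dst_net, flow["dst_ip"], True)
            and _field_ok(rule.dst_port, flow["dst_port"])
            and _field_ok(rule.protocol, flow["protocol"])
            # A flow with no app/user label fails a rule that requires one
            and _field_ok(rule.app, flow.get("app"))
            and _field_ok(rule.user_group, flow.get("user_group")))

def decide(rules, flow):
    """Any matching allow rule passes the flow; everything else is dropped (default deny)."""
    return "allow" if any(rule_matches(r, flow) for r in rules) else "deny"

# Constructed sample flows: identical port and protocol, different application
BROWSING = {"src_ip": "10.0.0.5", "src_port": 51000, "dst_ip": "203.0.113.10",
            "dst_port": 80, "protocol": "tcp", "app": "web-browsing", "user_group": "staff"}
TUNNEL = dict(BROWSING, src_port=51001, app="unknown-tunnel")

FIVE_TUPLE = [Rule("10.0.0.0/8", None, None, 80, "tcp")]
WIDENED = [Rule("10.0.0.0/8", None, None, 80, "tcp", app="web-browsing", user_group="staff")]

if __name__ == "__main__":
    for name, flow in (("browsing", BROWSING), ("tunnel", TUNNEL)):
        print(name, "5-tuple:", decide(FIVE_TUPLE, flow), "widened:", decide(WIDENED, flow))
```

Both flows pass the 5-tuple rule because they look the same at the port and protocol level; only the widened rule separates them.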

Confession time: I did not find a clear-cut explanation of how tuples relate to firewalls. But, article after article mentioned tuples. So, I jumped in. If my explanation is wrong, I hope firewall and database admins that better understand will bail me out.

Survey says

The Ponemon Institute just completed a survey of NGFWs for SourceFire, Inc. The infographic (partially shown below) provides several interesting statistics, particularly what is driving interest in NGFWs and the percentage of respondents noticing performance degradation:

Final thoughts

The race toward sophistication between malware and antimalware continues. Stay tuned.


Windows Live Service Status page gets an update, now tracking Live ID and Family Safety

As part of the latest SkyDrive update today, as we predicted earlier, the rest of Windows Live web services received an update too, up to Wave 5 M2 (version 16.2). As part of this update, Windows Live Service Status, the website that allows you to keep track of the current status of Windows Live services, received an update too:

Windows Live Service Status

The update means that the service is now located at http://home.live.com/status, different from the previous status.live.com. Besides a URL change, the website itself also received some minor enhancements, now reporting real-time service status of Windows Live Family Safety and Windows Live ID as well. Given that Windows Live ID will become a core part of the upcoming Windows 8, it makes sense that this service needs to be monitored closely and provide the latest status info to its customers.

You can check out the new Windows Live Service Status website now at http://home.live.com/status.

Free Windows utilities you should download right now

Everyone who works on a Windows computer has his or her favorite system utilities. But, there are a handful of must-have tools that no Windows user or IT support pro should be without. During this week’s episode of TR Dojo, I give you a list of free Windows utilities that you should download right now.

To keep things simple, I’ve divided the list into five separate categories. And while dozens of applications may fall into each category,

1. Cleaners: CCleaner

Five tips for using Ccleaner to degunk your system
How do I … remove unwanted files with Ccleaner in one click?
Product Spotlight: CCleaner

2. Uninstallers: Revo Uninstaller

Uninstall applications from Windows with Revo Uninstaller
How do I uninstall applications from Windows with Revo Uninstaller?

3. Defragmenters: (UltraDefrag, MyDefrag, Smart Defrag, and Defraggler)

Four free defragmentation tools for power users

4. Remote support tools: CrossLoop

Take control of any Windows PC on the Internet with CrossLoop
Quick and easy remote support with CrossLoop

5. Password recovery and reset utilities: Offline NT Password and Registry Editor

Reset Windows passwords with the Offline NT Password and Registry Editor
Reset lost Windows passwords with Offline Registry Editor

Microsoft buys Skype for $8.5 billion; creates new business division


The rumors were right. Microsoft announced on May 10 that it bought Skype, an Internet communications vendor, for $8.5 billion.

Instead of trying to mash Skype into an existing Microsoft business division, the company has decided to create a new, separate Skype business division, with Skype CEO Tony Bates as the newly minted President. Bates will report directly to Microsoft CEO Steve Ballmer.

In its press release announcing the deal, Microsoft played up the potential synergies between Skype and its own communications offerings, including its Lync VOIP platform, Outlook mail, Messenger instant-messaging, Hotmail Web mail and Xbox Live gaming service.

“Skype will support Microsoft devices like Xbox and Kinect, Windows Phone and a wide array of Windows devices, and Microsoft will connect Skype users with Lync, Outlook, Xbox Live and other communities. Microsoft will continue to invest in and support Skype clients on non-Microsoft platforms,” said the release.

Microsoft offered no timetable or further details as to when and how it will make Skype available as part of any of its existing product offerings.

According to earlier reports, Microsoft was bidding against Google and Facebook for Skype. As my colleague Larry Dignan noted, the $8.5 billion Skype purchase price made for one expensive game of keepaway.

Today’s deal with Skype marks Microsoft’s largest acquisition (dollar-wise) in the history of the company. For the past couple of years, Microsoft execs seemingly had decided that Microsoft’s history of assimilating successfully its big acquisitions (aQuantive, Danger, AdECN, Bungie, etc.) was not so great, resulting in the company shying away from anything but relatively minor, targeted acquisitions

  • Xbox 360 Kinect + SkypeTV: There is already a video chat feature on the Kinect but a Skype-login and interface could encourage more people to make this a part of their Xbox experience. Skype is already on some televisions so integration with the Xbox seems to be a good fit.
  • Windows 7 OS + Nokia + Skype: This could be quite a powerful combination as more and more smartphones are equipped with front-facing cameras and make use of the 4G network, which means video calls will only become the norm on mobile devices. Plus, it gives the partners an edge against Apple’s proprietary Facetime application. Skype users are also able to send SMS messages from the Web to handsets so this could be a great bonus for future customers with Nokia phones running Windows 7.
  • MSN Messenger + Skype: Hopefully, Messenger will be replaced with Skype because IMing on Skype is a breeze but uninstalling Messenger from machines running Windows is a hassle. The combination of Messenger and Skype users will give G-Chat and Google Voice some competition (perhaps to finally roll out to more countries).
  • Outlook + Skype: By integrating your Skype contacts with your email address book to make voice and video calls, Microsoft is looking to the beefed up Outlook to better compete with Gmail/G-Chat/Google Voice.
  • MS Lync, Xbox Live + Skype: These new groups will expand Skype’s user base, according to the press release.

Last night, AllThingsD reported that Microsoft dealmaker Charles Songhurst was key in helping Microsoft CEO Steve Ballmer broker the Skype deal. Interestingly, Songhurst also was credited with helping convince the Microsoft brass to call off the Yahoo acquisition.

What’s Coming with Windows 8?

When Will Windows 8 be Released?

According to the article, Microsoft currently plans to ship Windows 8 by mid-2012; thus, the first beta should be released by mid-2011 and public beta should follow by the end of 2011. Windows Server “8”/2012 is also being developed concurrently.

User Detection

Windows 8 will likely support detection of which user just walked in the room so that it can automatically turn on your PC, log you in, and play your favorite music. When you get up and leave, Windows will automatically log your PC off for you.

Emphasis on Appliance-like Power On

System bootup speeds will probably improve a little (especially since SSDs are becoming standard) but Microsoft plans to emphasize the current power-saving features: Sleep and Hibernate, which they’ll probably rename to something like “Pause” or “Low-power Standby”.

Digital Media Support

Windows 8 should support the following emerging digital media formats:

  • AVC HD (with chapter seek).
  • 3D video.
  • Multiple MPEG-4 formats for the web.
  • Improvements to MJPEG (webcams and still cameras).
  • MPEG-2 (decoding/encoding).
  • H.264 (encoding).
  • WMV improvements.

Windows 8 should also come with native TV tuner support so third-party cards and software won’t be needed for TV tuning (possibly to coincide with the RJ45 digital media standard, which is coming).

Next Generation Device Support

Windows 8 will natively support the USB 3.0 standard (and devices with USB 3.0) and Bluetooth 3.0 (but not Bluetooth 3.0 + High Speed.) Microsoft is also considering deprecating Firewire/IEEE1394 support (i.e. Firewire/IEEE1394 devices will still work but enhancements to support will cease.)

Software Purchases Through the Windows Store

It’s looking likely that Microsoft will adopt a software store similar to (albeit a little less restrictive than) Apple’s App Store. Software and upgrades will be available for purchase through this store. I look forward to the development of this feature.

Internet Explorer 9

Internet Explorer 9 will be part of Windows 8 (IE 9 beta is expected in August 2010 with a Released to Web version date TBD.)

Windows Live Wave 5

Windows Live Wave 5 will be shipped/developed concurrently with Windows 8. (Windows Live Wave 4 will ship sometime in late 2010.)

Microsoft Office 2010 Filter Pack Released

With the retail availability of Office 2010 just a couple of days ago, Microsoft has released the official and final filter pack, which has been updated to include the new file formats in the newest version of Office.

So what is the filter pack?

The Microsoft Filter Pack is a single point-of-distribution for Office IFilters. IFilters are components that allow search services to index content of specific file types, letting you search for content in those files. They are intended for use with Microsoft Search Services (SharePoint, SQL, Exchange, Windows Search).

Install this product if you want to search for content in the file types listed below.

The Filter Pack includes:

* Legacy Office Filter (97-2003; .doc, .ppt, .xls)
* Metro Office Filter (2007; .docx, .pptx, .xlsx)
* Zip Filter
* OneNote filter
* Visio Filter
* Publisher Filter
* Open Document Format Filter

System Requirements

* Supported Operating Systems: Windows 7; Windows Server 2003 Service Pack 2; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista Service Pack 1; Windows XP Service Pack 2; Windows XP Service Pack 3

The Microsoft Filter Pack requires the Microsoft Search Service.

Download the Microsoft Office 2010 Filter Packs

Office 2013 details surface on the web

Hot on the heels of the official worldwide release of Office 2010 yesterday, details have surfaced on the next version of the award-winning suite – Office 15, or its likely name, Office 2013.

Microsoft Kitchen is reporting that they located a PDF file hosted on a Microsoft-partner owned server, describing details regarding the next version of Microsoft Office.

“By the time Office 2010 was released, some Microsoft Engineers had already begun work on the next version (code-named Office 15).”

Microsoft Kitchen also noted that a few Microsoft employees have been writing information about products they are working on into their LinkedIn profiles – Josh Leong has written on his LinkedIn profile that he is:

“Designing the new visual & interaction experience for Office 15.”

And Ben Gable’s profile says he has:

“Designed major new feature to be introduced in Office 15”

The post notes that there are other new changes that have been mentioned across the web, such as Office Mobile 15 being considered in the planning, that Collaboration is a key point in Office 15, and it should see an Improved Automation Framework. The UI change comes as quite odd, considering the effort Microsoft has put into the ribbon, and the integration they have built into Windows 7 and its built-in applications, so it is very unknown how large the change could be.

It’s best to remember though, that these details can likely change, and this is very early in the lifecycle – considering Office 2010 was just released, it’s likely not many other details will emerge for a while.