Next Generation Firewalls: It’s all about tuples

By Michael Kassner
November 28, 2011, 11:23 AM PST

Takeaway: Next-generation firewalls have been around for several years, but garnered little interest. That’s changing as first-generation firewalls aren’t keeping up.

IT professionals responsible for perimeter defenses are frustrated.

Case in point: Internet traffic of all shapes and sizes traverses port 80, so port 80 must remain open. Bad guys know this, and port 80 becomes their private malware highway: trucks full of malcode drive right past the checkpoint, because a port-based firewall only checks the port number and never looks at what the truck is carrying.

There is hope

I'd like to introduce Next Generation Firewalls (NGFWs): firewalls that identify the application carried in the traffic and filter on that, rather than on port number alone. To continue my analogy, the trucks loaded with malcode can't drive right past the checkpoint anymore.

Other features incorporated in NGFWs:

  • Enforce company policy: NGFWs can control which websites and online applications users are allowed to reach.
  • SSL proxy: NGFWs can terminate an SSL connection, inspect the decrypted content, and re-encrypt it toward its destination. Encryption then no longer hides malware from inspection, provided the clients trust the certificate the firewall signs with.
  • IDS/IPS: NGFWs incorporate deep packet inspection, to the point where stand-alone IDS/IPS devices may no longer be required.
  • Active Directory friendly: many NGFWs can authorize application usage per individual user or group.
  • Malware filtering: NGFWs provide signature- and reputation-based filtering to block known malware and applications or sites with a poor reputation.


Vendors

Palo Alto Networks was the first company to offer an NGFW. For Palo Alto Networks' own list of NGFW requirements, see its white paper (above slide). Barracuda Networks, Juniper Networks, and WatchGuard also offer NGFW products.

N-tuple?

Just about every blog post I’ve read about NGFWs mentioned tuples. I had no idea what they were. Hopefully, you do. If not, here’s what I found out.

An n-tuple is an ordered collection of n attributes. In the case of firewalls, these attributes are the fields a packet must match for a rule to apply. N is a placeholder for the number of attributes in the list. For example, a 5-tuple "allow" rule might specify:

  • Source IP address
  • Source port (typically: any)
  • Destination IP address
  • Destination port (for example, 80 or 443)
  • Protocol (typically TCP or UDP)

So, if the packet being inspected matches all five attributes of a rule, the firewall applies that rule's action, in this case allowing the packet to pass.

Widening the 5-tuple

I thought I was “good to go” after figuring out what a tuple was. Then I read something about “widening the 5-tuple”. Widen a tuple. Does that even make sense?

Let’s see if it does.

As mentioned earlier, a first-generation firewall rule uses a collection of five attributes, a 5-tuple. That is sufficient for stateful port and protocol inspection, Network Address Translation (NAT), and Virtual Private Network (VPN) handling.

A 5-tuple rule set is not sufficient for an NGFW. Next Generation Firewalls need additional attributes, such as application type and user identity, to work as advertised. To understand why, consider the port 80 analogy one last time.

If the truck carrying malcode turns out to have an illegal license plate, it isn't going anywhere. The same applies to malcode: if its license plate, the "application type" attribute, doesn't match what the rule allows, the traffic is blocked even though port 80 itself is open.

Adding those attributes to the rule is what is meant by "widening the 5-tuple".

Confession time: I did not find a clear-cut explanation of how tuples relate to firewalls. But, article after article mentioned tuples. So, I jumped in. If my explanation is wrong, I hope firewall and database admins who understand this better will bail me out.
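To make the 5-tuple and the widened tuple concrete, here is an added example in Python. It is my illustration, not code from the article or from any firewall vendor. It matches a classic 5-tuple rule and a widened rule that adds application and user attributes, then runs two constructed port-80 connections through both: an ordinary browser request and a command-and-control beacon tunnelled over port 80. The toy application identification (`identify_app`), the `Flow` and `Rule` layouts, the sample policies, addresses, user names and payloads are all assumptions made for the example; a real NGFW's application decoders and user-to-address mapping are far more elaborate.

```python
"""Added example (not from the article or any vendor): a toy policy engine that
contrasts a classic 5-tuple rule with one 'widened' by application and user."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

# Toy application identification: decide what the traffic *is* from its payload
# rather than from the port it arrives on. Real NGFW decoders are far richer.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def identify_app(payload: bytes) -> str:
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in payload[:256]:
        return "web-browsing"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "ssl"  # TLS record header: type 22 (handshake), version 3.x
    return "unknown-tcp"


@dataclass(frozen=True)
class Flow:
    """The classic 5-tuple plus the two attributes an NGFW widens it with."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str          # "tcp" or "udp"
    app: str = "unknown"   # output of application identification
    user: str = "unknown"  # identity mapped to src_ip, e.g. by a directory agent


def _match(pattern, value) -> bool:
    """ANY matches anything; a set matches by membership; otherwise equality."""
    if pattern == ANY:
        return True
    if isinstance(pattern, (set, frozenset)):
        return value in pattern
    return pattern == value


def _match_net(pattern, ip: str) -> bool:
    return pattern == ANY or ip_address(ip) in ip_network(pattern, strict=False)


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src_net: str = ANY
    src_port: object = ANY
    dst_net: str = ANY
    dst_port: object = ANY
    protocol: object = ANY
    app: object = ANY      # widening attribute: allowed application(s)
    user: object = ANY     # widening attribute: allowed user(s) or group(s)

    def matches(self, f: Flow) -> bool:
        return (_match_net(self.src_net, f.src_ip) and _match(self.src_port, f.src_port)
                and _match_net(self.dst_net, f.dst_ip) and _match(self.dst_port, f.dst_port)
                and _match(self.protocol, f.protocol)
                and _match(self.app, f.app) and _match(self.user, f.user))


def decide(policy, flow: Flow) -> str:
    """First-match evaluation with an implicit final deny, as most firewalls do."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "deny"


# First-generation rule: the LAN may reach any host on TCP/80 or TCP/443.
LEGACY_POLICY = [Rule("allow", src_net="10.0.0.0/8", dst_port={80, 443}, protocol="tcp")]

# Widened NGFW rule: the same 5-tuple, but only browser/TLS traffic from 'staff'.
NGFW_POLICY = [Rule("allow", src_net="10.0.0.0/8", dst_port={80, 443}, protocol="tcp",
                    app={"web-browsing", "ssl"}, user="staff")]


def evaluate(policy, src_ip, src_port, dst_ip, dst_port, proto, payload, user) -> str:
    """Build the widened tuple for one connection and run it through a policy."""
    flow = Flow(src_ip, src_port, dst_ip, dst_port, proto, identify_app(payload), user)
    return decide(policy, flow)


# Constructed sample payloads: a normal web request and a C2 beacon riding on port 80.
WEB_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
C2_BEACON = b"\x00\x2a\xde\xad\xbe\xefBOT-7f3a:checkin"

if __name__ == "__main__":
    for name, payload in (("browser", WEB_REQUEST), ("c2-over-80", C2_BEACON)):
        legacy = evaluate(LEGACY_POLICY, "10.1.2.3", 51000, "203.0.113.10", 80, "tcp", payload, "staff")
        ngfw = evaluate(NGFW_POLICY, "10.1.2.3", 51000, "203.0.113.10", 80, "tcp", payload, "staff")
        print(f"{name:11} legacy={legacy:5} ngfw={ngfw}")
    # browser     legacy=allow ngfw=allow
    # c2-over-80  legacy=allow ngfw=deny
```

Run it as a script to see both verdicts. The point is in the last line of output: the beacon passes the 5-tuple rule because every one of its five attributes is correct, and the widened rule denies it only because the identified application is not one the rule allows. Widening cuts both ways: if application identification misclassifies traffic, or the user mapping behind the `user` attribute is stale, legitimate traffic is denied by the same mechanism, which is why the extra attributes need as much tuning as the original five.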

Survey says

The Ponemon Institute just completed a survey on NGFWs for Sourcefire, Inc. The infographic (partially shown below) provides several interesting statistics, particularly what is driving interest in NGFWs and the percentage of respondents noticing performance degradation:

Final thoughts

The race toward sophistication between malware and anti-malware continues. Stay tuned.

Free Windows utilities you should download right now

Everyone who works on a Windows computer has his or her favorite system utilities. But, there are a handful of must-have tools that no Windows user or IT support pro should be without. During this week’s episode of TR Dojo, I give you a list of free Windows utilities that you should download right now.

To keep things simple, I've divided the list into five separate categories. And while dozens of applications may fall into each category,

1. Cleaners: CCleaner

Five tips for using Ccleaner to degunk your system
How do I … remove unwanted files with Ccleaner in one click?
Product Spotlight: CCleaner

2. Uninstallers: Revo Uninstaller

Uninstall applications from Windows with Revo Uninstaller
How do I uninstall applications from Windows with Revo Uninstaller?

3. Defragmenters: (UltraDefrag, MyDefrag, Smart Defrag, and Defraggler)

Four free defragmentation tools for power users

4. Remote support tools: CrossLoop

Take control of any Windows PC on the Internet with CrossLoop
Quick and easy remote support with CrossLoop

5. Password recovery and reset utilities: Offline NT Password and Registry Editor

Reset Windows passwords with the Offline NT Password and Registry Editor
Reset lost Windows passwords with Offline Registry Editor

Microsoft buys Skype for $8.5 billion; creates new business division


The rumors were right. Microsoft announced on May 10 that it bought Skype, an Internet communications vendor, for $8.5 billion.

Instead of trying to mash Skype into an existing Microsoft business division, the company has decided to create a new, separate Skype business division, with Skype CEO Tony Bates as the newly minted President. Bates will report directly to Microsoft CEO Steve Ballmer.

In its press release announcing the deal, Microsoft played up the potential synergies between Skype and its own communications offerings, including its Lync VOIP platform, Outlook mail, Messenger instant-messaging, Hotmail Web mail and Xbox Live gaming service.

“Skype will support Microsoft devices like Xbox and Kinect, Windows Phone and a wide array of Windows devices, and Microsoft will connect Skype users with Lync, Outlook, Xbox Live and other communities. Microsoft will continue to invest in and support Skype clients on non-Microsoft platforms,” said the release.

Microsoft offered no timetable or further details as to when and how it will make Skype available as part of any of its existing product offerings.

According to earlier reports, Microsoft was bidding against Google and Facebook for Skype. As my colleague Larry Dignan noted, the $8.5 billion Skype purchase price made for one expensive game of keepaway.

Today’s deal with Skype marks Microsoft’s largest acquisition (dollar-wise) in the history of the company. For the past couple of years, Microsoft execs seemingly had decided that Microsoft’s record of successfully assimilating its big acquisitions (aQuantive, Danger, AdECN, Bungie, etc.) was not so great, resulting in the company shying away from anything but relatively minor, targeted acquisitions.

  • Xbox 360 Kinect + SkypeTV: There is already a video chat feature on the Kinect but a Skype-login and interface could encourage more people to make this a part of their Xbox experience. Skype is already on some televisions so integration with the Xbox seems to be a good fit.
  • Windows 7 OS + Nokia + Skype: This could be quite a powerful combination as more and more smartphones are equipped with front-facing cameras and make use of the 4G network, which means video calls will only become the norm on mobile devices. Plus, it gives the partners an edge against Apple’s proprietary Facetime application. Skype users are also able to send SMS messages from the Web to handsets so this could be a great bonus for future customers with Nokia phones running Windows 7.
  • MSN Messenger + Skype: Hopefully, Messenger will be replaced with Skype because IMing on Skype is a breeze but uninstalling Messenger from machines running Windows is a hassle. The combination of Messenger and Skype users will give G-Chat and Google Voice some competition (perhaps to finally roll out to more countries).
  • Outlook + Skype: By integrating your Skype contacts with your email address book to make voice and video calls, Microsoft is looking to the beefed-up Outlook to better compete with Gmail/G-Chat/Google Voice.
  • MS Lync, Xbox Live + Skype: These new groups will expand Skype’s user base, according to the press release.

Last night, AllThingsD reported that Microsoft dealmaker Charles Songhurst was key in helping Microsoft CEO Steve Ballmer broker the Skype deal. Interestingly, Songhurst also was credited with helping convince the Microsoft brass to call off the Yahoo acquisition.

Microsoft Office 2010 Filter Pack Released

With the retail availability of Office 2010 just a couple of days ago, Microsoft has released the official and final Filter Pack, updated to include the new file formats in the newest version of Office.

So what is the filter pack?

The Microsoft Filter Pack is a single point of distribution for Office IFilters. IFilters are components that allow search services to index the content of specific file types, letting you search for content in those files. They are intended for use with Microsoft search services (SharePoint, SQL Server, Exchange, Windows Search).

Install this product if you want to search for content in the file types listed below.

The Filter Pack includes:

* Legacy Office Filter (97-2003; .doc, .ppt, .xls)
* Metro Office Filter (2007; .docx, .pptx, .xlsx)
* Zip Filter
* OneNote filter
* Visio Filter
* Publisher Filter
* Open Document Format Filter

System Requirements

* Supported Operating Systems: Windows 7; Windows Server 2003 Service Pack 2; Windows Server 2008 R2; Windows Server 2008 Service Pack 2; Windows Vista Service Pack 1; Windows XP Service Pack 2; Windows XP Service Pack 3

The Microsoft Filter Pack requires the Microsoft Search Service.

Download the Microsoft Office 2010 Filter Packs

Office 2013 details surface on the web

Hot on the heels of the official worldwide release of Office 2010 yesterday, details have surfaced on the next version of the award-winning suite: Office 15, or its likely name, Office 2013.

Microsoft Kitchen is reporting that they located a PDF file hosted on a Microsoft-partner-owned server describing details of the next version of Microsoft Office.

“By the time Office 2010 was released, some Microsoft Engineers had already begun work on the next version (code-named Office 15).”

Microsoft Kitchen also noted that a few Microsoft employees have been writing information about products they are working on into their LinkedIn profiles. Josh Leong has written on his LinkedIn profile that he is:

“Designing the new visual & interaction experience for Office 15.”

And Ben Gable’s profile says he has:

“Designed major new feature to be introduced in Office 15”

The post notes other changes that have been mentioned across the web: Office Mobile 15 is being considered in the planning, collaboration is a key point in Office 15, and it should see an improved automation framework. The UI change seems odd, considering the effort Microsoft has put into the ribbon and the integration it has built into Windows 7 and its built-in applications, so how large the change could be is very much unknown.

It’s best to remember, though, that these details can easily change, and this is very early in the lifecycle. Considering Office 2010 was just released, it’s likely that not many other details will emerge for a while.

Microsoft’s Office Web Apps go Live

Anyone keeping up with Microsoft Office news in the past year knows about Office Web Apps. With Office 2010, Microsoft has promised the world a free version of its world-dominating office productivity suite via the web browser. Unlike traditional versions of Office, Web Apps live in the cloud and have limited functionality. As of yesterday, the new service has gone live to the public.

On the Windows Team Blog, Microsoft has officially launched Web Apps for everyone in the US, UK, Canada, and Ireland. It is also accessible to other countries as well, just not yet in their native language. Web Apps is built around your personal SkyDrive, which gives you 25 GB of free online storage space for all of your documenting needs. With the desktop version of Office 2010, documents can also be saved to your SkyDrive, then revisited and shared online through your web browser. This makes accessing your personal files on-the-go a cinch. Web Apps also allows multiple people to collaborate on a single document simultaneously, while still maintaining a version history in case you ever need to go back in time. You can even view your saved documents on most smartphones.

At office.live.com, you are greeted with your typical Windows Live ID login screen. Once inside, you will see the ability to create Word documents, Excel spreadsheets, PowerPoint presentations, or OneNote notes. You can also upload existing files from your PC, making the move to SkyDrive an easy one. If using a Silverlight enabled browser, you will gain the additional ease of dragging and dropping your files directly from your PC into SkyDrive.

Microsoft Download Manager for Windows

The Microsoft Download Manager enables you to download files from the Internet in a more reliable and faster way than using a browser alone.

Using the Download Manager makes it easier to download large files such as an application or multimedia files.

The Download Manager has been specifically designed to manage file downloads from supporting Microsoft Web sites in a secure and reliable way.

Once started, the Download Manager displays an easy-to-use interface that shows the status of downloads and enables you to resume downloads if they have failed.

The Microsoft Download Manager currently supports downloads from Web addresses starting with http://.

The Microsoft Download Manager requires one of the following operating systems: Windows XP SP2, Windows Vista, Windows 7, Windows Server 2003, or Windows Server 2008, and supports the following Web browsers: Windows Internet Explorer 6, 7, and 8, and Mozilla Firefox 2 and 3.