What Is a Firewall?

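A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is the barrier that sits between a private internal network and the public Internet. A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.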


Firewall Definition and Types

History of Firewalls

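Firewalls have existed since the late 1980s and started out as packet filters, which were networks set up to examine packets, or bytes, transferred between computers. Packet filtering firewalls are still in use today, but firewalls have come a long way as technology has developed over the decades.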

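  • Gen 1 Virus
    • Generation 1, late 1980s: virus attacks on stand-alone PCs affected all businesses and drove anti-virus products.
  • Gen 2 Networks
    • Generation 2, mid 1990s: attacks from the Internet affected all businesses and drove the creation of the firewall.
  • Gen 3 Applications
    • Generation 3, early 2000s: attacks exploiting vulnerabilities in applications affected most businesses and drove Intrusion Prevention System (IPS) products.
  • Gen 4 Payload
    • Generation 4, approximately 2010: the rise of targeted, unknown, evasive, polymorphic attacks affected most businesses and drove anti-bot and sandboxing products.
  • Gen 5 Mega
    • Generation 5, approximately 2017: large-scale, multi-vector mega attacks using advanced attack tools are driving advanced threat prevention solutions.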

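In 1993, Check Point's CEO, Gil Shwed, introduced the first stateful inspection firewall, FireWall-1. Twenty-seven years later, the firewall is still an organization's first line of defense against cyber attacks. Today's firewalls, including Next Generation Firewalls and network firewalls, support a wide range of functions through built-in features such as the following.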

The Firewalls Evolution

Just like the networks they protect, firewalls have undergone a significant amount of change over the last decade. Even the earliest firewall tooling was essential to network security: firewalls first came into existence in the 1980s as packet filtering tools.

Early Development: Packet-Filtering Firewalls

The first generation of firewalls, introduced in the late 1980s, employed simple packet filtering. These tools examined data packets at the network layer (OSI Layer 3), and filtered the packets that a network responds to through parameters such as IP addresses, ports, and protocols. However, their lack of contextual awareness and overwhelming focus on individual packets made them vulnerable to complex attacks like IP fragmentation.

The Emergence of Stateful Inspection

The 1990s saw the advent of stateful inspection firewalls, pioneered by Check Point. These second-generation firewalls continuously monitored the state of connections, ensuring that packets were part of an established session. This enhancement significantly bolstered security.

Application Layer and Proxy Firewalls

Application layer firewalls and proxy firewalls emerged around the same time. The former operated at Layer 7, able to analyze and apply application-specific data and rulesets. They were also highly secure – boasting the ability to completely separate traffic requests from the underlying network architecture – but early models suffered from limited processing power and bad latency.

Unified Threat Management (UTM) and Next-Generation Firewalls (NGFW)

The 2010s saw the advent of UTM systems, which sought to combine a firewall’s reactivity with the extra data points from antivirus, intrusion detection, and other enterprise security systems. NGFWs were able to push these integration capabilities by adding deep packet inspection, advanced threat protection, and application-level filtering.

Modern Adaptations: Cloud and AI

Today, firewalls have adapted to cloud environments and containerized applications, giving rise to Firewall-as-a-Service (FWaaS). Building upon the foundation of cross-environment data, AI and machine learning are increasingly being deployed for their superior anomaly detection, predictive threat analysis, and adaptive policy enforcement.

From static filters to intelligent, context-aware systems, firewalls have continuously evolved to meet the demands of an ever-changing threat landscape. Let’s delve into all the features that make today’s firewalls so critical.

Types of Firewalls

Packet Filtering

Packet filtering is a network security technique used in firewalls to control data flow between networks. It evaluates the headers of incoming and outgoing traffic against a set of predefined rules, and then decides whether to allow or block them.

Firewall rules are precise directives that form a critical part of firewall configurations. They define the conditions under which traffic is permitted or blocked based on parameters such as source and destination IP addresses, ports, and communication protocols. In enterprise environments, these individual rules are nested together to form Access Control Lists (ACLs). When processing traffic, the firewall evaluates each packet against the ACL rules in sequential order. Once a packet matches a rule, the firewall enforces the corresponding action—such as allowing, denying, or rejecting the traffic—without further evaluation of subsequent rules. This structured and methodical approach ensures that network access is tightly controlled and consistent.

Proxy Service

Since firewalls sit at the edge of a network, a proxy firewall is naturally well-suited to acting as a single point of entry: in doing so, it is able to assess the validity of each connection. Proxy-service firewalls completely separate the internal and external networks by terminating the client connection at the firewall, analyzing the request, and then establishing a new connection with the internal server.

Stateful Inspection

Stateful packet inspection analyzes the contents of a data packet and compares them to information about packets that have already traversed the firewall.

Stateless inspection analyzes each packet in isolation: stateful inspection, on the other hand, pulls in previous device and connection data to further understand network traffic requests. This is more akin to viewing network data as a continuous stream. By maintaining a list of active connections, and evaluating each from a more macroscopic perspective, stateful firewalls are able to assign network behavior to long-term user and device profiles.
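The difference between the two approaches can be made concrete with a minimal connection table. This is an added example, not code from the original page: the `StatefulFilter` class, the assumed policy (inside hosts may initiate connections, inbound traffic is accepted only as a reply), the idle timeout and the sample addresses are all assumptions, and TCP flag tracking is deliberately left out.

```python
import ipaddress

def stateless_check(pkt):
    """Stateless rule: accept anything arriving from TCP source port 443.
    It judges the packet in isolation, so it cannot tell a reply from an unsolicited packet."""
    return "allow" if pkt["proto"] == "tcp" and pkt["sport"] == 443 else "drop"

class StatefulFilter:  # hypothetical, simplified connection tracker
    def __init__(self, inside_net, idle_timeout=60):
        self.inside = ipaddress.ip_network(inside_net)
        self.timeout = idle_timeout
        self.table = {}  # flow 5-tuple -> time the flow was last seen

    def check(self, pkt, now):
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        reverse = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        # Expire flows that have been idle longer than the timeout.
        self.table = {k: t for k, t in self.table.items() if now - t <= self.timeout}
        if ipaddress.ip_address(pkt["src"]) in self.inside:
            self.table[key] = now          # outbound: create or refresh the flow
            return "allow"
        if reverse in self.table:
            self.table[reverse] = now      # inbound reply to a tracked flow
            return "allow"
        return "drop"                      # inbound with no matching connection

# Constructed sample packets (documentation and RFC 1918 addresses)
OUTBOUND = {"proto": "tcp", "src": "10.0.0.5", "sport": 51000,
            "dst": "198.51.100.20", "dport": 443}
REPLY = {"proto": "tcp", "src": "198.51.100.20", "sport": 443,
         "dst": "10.0.0.5", "dport": 51000}
UNSOLICITED = {"proto": "tcp", "src": "198.51.100.20", "sport": 443,
               "dst": "10.0.0.5", "dport": 51001}

def demo():
    fw = StatefulFilter("10.0.0.0/8")
    return [fw.check(OUTBOUND, now=0), fw.check(REPLY, now=1),
            fw.check(UNSOLICITED, now=2), fw.check(REPLY, now=200)]

if __name__ == "__main__":
    print(demo())
    print(stateless_check(REPLY), stateless_check(UNSOLICITED))
```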

Web Application Firewall

A Web Application Firewall (WAF) wraps around a specific application and examines the HTTP requests being sent to it. Similar to other types of firewall, it then applies predefined rules to detect and block malicious traffic. The components being scrutinized include headers, query strings, and the body of HTTP requests – all of which contribute to signs of malicious activity. When a threat is identified, the WAF blocks the suspicious request and notifies the security team.

AI-Powered Firewall

Firewalls are essentially powerful analytical engines: they’re perfectly suited for the implementation of machine learning algorithms. Because ML algorithms are able to ingest and analyze far greater amounts of data far faster than their manual counterparts, AI-powered firewalls have consistently been able to outperform their older counterparts when handling novel (zero day) threats.

One of the more common implementations of AI within firewalls, for instance, is User and Endpoint Behavioural Analysis (UEBA). This ingests the historical data from entire networks, and establishes how every user and endpoint typically interacts with it – what resources they use, when they access them, etc.

High Availability Firewalls and Hyperscale, Resilient Load-Sharing Clusters

A high availability (HA) firewall is designed to maintain network protection even in the event of firewall failure. This is achieved via redundancy, in the form of HA clustering: multiple firewall peers working together to deliver uninterrupted protection. In the event of device failure, the system automatically transitions to a peer device, therefore maintaining seamless network security.

Above and beyond traditional ‘high availability’ designs, many organizations now need hyper scalable and telco-class resilient firewall systems to assure 99.99999%+ uptime and up to 1,000 Gbps of network throughput with full threat prevention. An intelligent load-sharing firewall design distributes network traffic across a firewall cluster. It can also automatically reallocate additional firewall resources to critical applications during unexpected peak traffic conditions or other predefined triggers, and then reassign those firewall resources back to their original group after conditions are back to normal. This optimizes performance and prevents any single device from becoming overwhelmed, and assures maximum network performance under all conditions.

Virtual Firewall

Firewalls were traditionally hardware-exclusive, as they needed the heavy CPU power to manually flick through every rule in the ACL. Now, however, that processing power can essentially be outsourced thanks to firewall virtualization. Virtual systems support internal segmentation: where one tool can be used to set up and monitor multiple segmented firewalls, allowing sub-firewalls to have their own security policies and configurations.

Virtual firewalls offer many advantages: multi-tenancy environments, for instance, benefit from this segmentation. It also allows for larger organizations to implement network segmentation in a more streamlined way, through one central tool. Other than that, virtual firewalls can offer all the same capabilities as their hardware-based counterparts.

Cloud Firewall

It’s common to see people conflate virtualized firewalls with cloud firewalls, but there is a distinction: whereas virtual describes the underlying architecture, cloud firewalls refer to the enterprise assets they are protecting. Cloud firewalls are those used to protect organizations’ public and private cloud-based networks.

Firewall as a Service (FWaaS)

Since cloud virtualization now allows for processing power to be purchased and used remotely, virtual firewalls are now possible. This opens up new possibilities for firewall architecture – one of which is Firewall as a Service (FWaaS).

FWaaS, like any SaaS, is a pre-built firewall solution that is deployed through the cloud. Instead of all enterprise traffic being routed and analyzed via an in-house server room, FWaaS’ unique offering is often its global Points of Presence, which allows for more local (and latency-free) firewall deployment.

Managed Firewall

Finally, it’s all well and good having a firewall – but as we’ll cover shortly, this tool needs continuous refinement and tweaking. Some enterprises find that the human demands of this can quickly overwhelm a lean cybersecurity team. So, many choose to route their traffic via a managed firewall – which is continuously monitored for threats, anomalies, or unusual traffic patterns. These outsourced firewalls can also benefit from the provider’s advanced tooling and threat intelligence.

The Importance of Firewall Protocols

Even basic firewalls are able to dig into the source, destination, and protocols that every packet is conforming to. But visibility alone doesn’t prevent attacks; firewall rules govern how the firewall tool reacts to each packet – ultimately either allowing it through to the enterprise network, or denying it.

These rules are fundamental to maintaining network security by controlling access to and from systems, ensuring that only authorized traffic passes through while malicious or unwanted data is blocked. To save time, most off-the-shelf firewalls offer preconfigured rulesets. After all, many threats are universal, regardless of the specifics of your industry or employees – especially when attackers are able to scan any public-facing networks for common vulnerabilities. By shipping with preconfigured rulesets, modern firewalls allow for an immediate reduction in potential threats that could hit your enterprise; a boon to deployment, allowing administrators to cut a lot of manual setup that a new tool typically demands. This reduces errors and ensures adherence to industry best practices.

Why Do We Need Firewalls?

Firewalls, especially Next Generation Firewalls, focus on blocking malware and application-layer attacks. Along with an integrated intrusion prevention system (IPS), these Next Generation Firewalls are able to react quickly and seamlessly to detect and combat attacks across the whole network. Firewalls can act on previously set policies to better protect your network and can carry out quick assessments to detect invasive or suspicious activity, such as malware, and shut it down. By leveraging a firewall for your security infrastructure, you’re setting up your network with specific policies to allow or block incoming and outgoing traffic.

Firewall Security Best Practices

Firewalls aren’t a set-it-and-forget-it solution. The attacks facing your organization are in constant flux, and firewalls that rely solely on manual rule updates demand just as much time and attention.

Set Up Rules According to Least Privilege Principles

Foundational to effective firewall rule management is the principle of least privilege. It functionally means only traffic that serves a specific, necessary business function is allowed. By adhering to this principle, it’s all but guaranteed that future rule changes minimize risk, maintain greater control over network traffic, and limit unnecessary cross-network communication. Applying this to rules demands that details such as source and destination IP addresses (or ranges) and destination ports are always defined. This is why overly permissive rules like “Any/Any” need to be replaced with an explicit deny/allow strategy for all inbound and outbound activity.

Maintain Up To Date Documentation

As pre-configured rules are changed and updated, clear and comprehensive documentation is essential. Anyone on the network security team should easily understand the purpose of each rule from the documentation. At a minimum, you should record details such as the purpose of the rule, the services it affects, the users and devices involved, the date it was implemented, the rule’s expiration date if temporary, and the name of the analyst who created it.
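The two practices above, least-privilege rules and complete rule documentation, lend themselves to an automated audit of an exported rulebase. This is an added example, not code from the original page or from any firewall vendor: the dictionary layout, the field names and the sample rules are assumptions chosen to mirror the details listed in the text.

```python
from datetime import date

# Documentation fields the text says every rule should carry
# ("expires" is only required for temporary rules, so it is checked separately).
REQUIRED_DOC = ("purpose", "services", "users_devices", "implemented", "analyst")

def audit(rules, today):
    """Return (rule name, finding) pairs for permissive or poorly documented rules."""
    findings = []
    for rule in rules:
        if rule["action"] == "allow":
            # Least privilege: source, destination and destination port must be defined.
            for field in ("src", "dst", "dport"):
                if rule.get(field, "any") == "any":
                    findings.append((rule["name"], f"{field} is 'any'"))
        doc = rule.get("doc", {})
        for field in REQUIRED_DOC:
            if not doc.get(field):
                findings.append((rule["name"], f"missing doc field: {field}"))
        expires = doc.get("expires")
        if expires and expires < today:
            findings.append((rule["name"], "temporary rule past expiry"))
    return findings

# Constructed sample rulebase (hypothetical names, addresses and dates)
RULES = [
    {"name": "db-access", "action": "allow", "src": "10.1.2.0/24",
     "dst": "10.1.9.10/32", "dport": 5432,
     "doc": {"purpose": "App tier to database", "services": "PostgreSQL",
             "users_devices": "app servers", "implemented": date(2024, 3, 1),
             "analyst": "j.doe"}},
    {"name": "legacy-any", "action": "allow", "src": "any", "dst": "any",
     "dport": "any", "doc": {"purpose": "migration"}},
    {"name": "vendor-temp", "action": "allow", "src": "198.51.100.7/32",
     "dst": "10.1.3.4/32", "dport": 22,
     "doc": {"purpose": "Vendor maintenance window", "services": "SSH",
             "users_devices": "vendor jump host", "implemented": date(2024, 5, 1),
             "expires": date(2024, 5, 8), "analyst": "a.lee"}},
]

if __name__ == "__main__":
    for name, finding in audit(RULES, today=date(2024, 6, 1)):
        print(f"{name}: {finding}")
```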

Protect the Firewall Itself

The firewall isn’t just a critical piece of enterprise safety: it’s the most public-facing piece of any network infrastructure, making unmanaged firewalls themselves a threat. To secure the firewall, a few key best practices are mandatory: insecure protocols like telnet and SNMP should be disabled entirely; configurations and log databases should be backed up; and a stealth rule should be implemented to protect the firewall from network scans. Finally, keep a regular eye on the updates available for the firewall solution.

Group Rules – and Networks – into Corresponding Categories

Segmenting enterprise networks into corresponding security levels is another foundational best practice for network security, and firewall rules are perfectly well-suited for enforcing these segments. To streamline management, organize rules into categories or sections based on their function or related characteristics. This approach allows you to structure the rules in the most effective order and ensures better oversight.

AI-powered firewalls are increasingly able to automate the rules and documentation they’re based on: these massive strides in efficiency are the main reason why NGFWs are replacing their older models.

Network Layer vs. Application Layer Inspection

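Network layer firewalls, or packet filters, inspect packets at a relatively low level of the TCP/IP protocol stack and do not allow packets to pass through the firewall unless they match the established rule set, in which source and destination are defined by Internet Protocol (IP) addresses and ports. Firewalls that perform network layer inspection perform better than similar devices that perform application layer inspection. The downside is that unwanted applications or malware can pass over allowed ports, for example outbound Internet traffic over the web protocols HTTP and HTTPS on ports 80 and 443.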

The Importance of NAT and VPN

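Firewalls also perform basic network-level functions such as Network Address Translation (NAT) and Virtual Private Network (VPN). Network Address Translation hides or translates internal client or server IP addresses, which may be in a "private address range" as defined in RFC 1918, to a public IP address. Hiding the addresses of protected devices preserves the limited number of IPv4 addresses and is a defense against network reconnaissance, because the IP addresses are hidden from the Internet.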

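Similarly, a Virtual Private Network (VPN) extends a private network across a public network within a tunnel in which the contents of the packets are protected while they traverse the Internet. This enables users to safely send and receive data across shared or public networks.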

Next Generation Firewalls and Beyond

Next Generation Firewalls inspect packets at the application level of the TCP/IP stack and are able to identify applications such as Skype or Facebook and enforce security policy based on the type of application.

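Today, UTM (Unified Threat Management) devices and Next Generation Firewalls also include threat prevention technologies such as an intrusion prevention system (IPS) or antivirus to detect and prevent malware and threats. These devices may also include sandboxing technologies to detect threats in files.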

As the cyber security landscape continues to evolve and attacks become more sophisticated, Next Generation Firewalls will continue to be an essential component of any organization’s security solution, whether you’re in the data center, network, or cloud.

Protect your network using Check Point’s Quantum NGFW – the most effective AI-powered firewalls, featuring the highest rated threat prevention, seamless scalability, and unified policy management.

Combining cutting-edge threat prevention, unparalleled performance, and streamlined efficiency, Check Point Quantum’s advanced capabilities include intelligent traffic inspection, seamless integration with cloud services, and in-depth incident automation. See for yourself how Quantum boasts effortless scalability and centralized policy management with a demo.

To learn more about the essential capabilities your Next Generation Firewall needs to have, download the Next Generation Firewall (NGFW) Buyer’s Guide today.