Each is a threat that needs to be considered separately. But the most significant change to network security for years has just materialised, and it means that firewalls need a complementary gateway barrier if defence against invasions via Web traffic is to be effective.
Ten years ago, when corporate networks largely consisted of internal data traffic handled by bridges, hubs, and LAN switches, with routers managing what limited Internet access there was, the firewall symbolised a gleaming piece of state-of-the-art 'machinery', capable of identifying and tackling any external threat.
Things have changed. The ubiquity of Internet access within the modern enterprise is such that Web traffic levels are increasing daily, and so are the security threats that this brings with it.
This does not mean, though, that the firewall has been made redundant - far from it. In fact the very real security concerns facing businesses today are such that the firewall is more vital than ever. But separate appliances, allied with firewalls in a co-ordinated defence system, are required to tackle the emergence of a new loophole - port 80, over which the vast majority of Web traffic flows and where it is subjected to only very basic checks.
Airport Sophistication Needed
The situation facing IT departments is uncannily similar to that facing the fledgling airlines and airports - and indeed the passengers using them - when air travel first emerged as a popular phenomenon. Then, arrive at the airport with a passport and the right ticket and you were directed to the right aircraft. While the same is true today, the overall system has been tightened somewhat.
Even the least comprehensive of airport security systems for departing passengers will perform basic questioning at check-in. But it will also have security staff patrolling the check-in areas looking for suspicious behaviour, weighing and x-raying of hold baggage, x-raying of cabin baggage and possible body searching, metal detector checks for passengers, plus further questions and scrutiny at the gate, with all areas of the airport constantly monitored by closed-circuit television for anything untoward. At the destination, sniffer dogs check baggage once more, and immigration checks and further x-raying of baggage are undertaken. Depending on the route and the customer, different numbers and types of checks are undertaken.
While superficially it seems that the level of security is governed by the number of checks carried out, in fact it is a combination of the checks and the types of security threat being checked for: while a terrorist with a concealed weapon may be able to bluff his way through verbal checks, he may not beat a metal detector, and a keen-eyed security guard should have cause for concern and frisk him if needed. Granted, no defence system is ever totally impenetrable, but airports have realised - largely for common sense reasons - that threats come from all sides and in varying shapes and sizes, hence multi-faceted protection is critical.
Firewalls are the equivalent of check-in. The passenger name and destination ticket are checked; if they match, the passenger is allowed to continue. Port 80 security devices provide enterprise networks with the equivalent of the rest of an airport's security arsenal; see table below.