Networks Risk Grounding Without Airport-Level Security
by Nigel Hawthorn - Marketing Director of Blue Coat Systems - Friday, 25 April 2003.
Once hold baggage is checked, a machine at the airport reads the barcode on the luggage label and directs the luggage to the correct airplane. One customer may have multiple pieces of luggage, but the machine looks at each one individually and does not know that there may be multiple pieces of luggage that are related. This is similar to a firewall inspecting each packet of data and making forwarding decisions one packet at a time. Whereas firewalls understand packets, or individual chunks of data, and look at the source and destination and see if it matches defined rules, security gateways that address port 80 traffic understand data. They rebuild complete Web content and make decisions based on this content and its parameters. The x-ray analogy is a clear one; port 80 security devices are able to 'look inside' Web traffic and assess whether it is genuine and perfectly innocent, or an attempt by a hacker to test the network's defences.

A web page is made up of many individual pieces of data and may come to the user as hundreds of individual packets, so this ability to 'look inside' them is crucial.

The device can then make decisions based on user, file-type, MIME-type, active content type, original web site, time of day, browser, group, site of user and other such factors. It can also take individual objects and redirect them to virus scanning devices, something that is not possible if the only understanding gained is on a packet-by-packet basis. There is a further parallel to be drawn over virus scanning, which is similar in its function to x-raying hand luggage, while metal detectors that passengers must walk through are like removing mobile code such as Java and ActiveX.
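
An added illustration, not taken from the original article or from any vendor's product: a constructed HTTP response is split across segments, so a filter that sees only address and port forwards every piece, while a gateway that rebuilds the object can decide on its MIME type and the requesting group. The policy table, user names, groups and addresses are assumptions made for the example.

```python
import email

# Constructed sample: one HTTP response carrying a Java archive (mobile code).
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: application/java-archive\r\n"
            b"Content-Length: 8\r\n\r\n"
            b"PK\x03\x04demo")
# The same bytes as the network delivers them: several small segments.
SEGMENTS = [RESPONSE[i:i + 24] for i in range(0, len(RESPONSE), 24)]

def packet_filter(src_ip, src_port, allowed_ports=(80,)):
    """Firewall-style rule: sees address and port only, one packet at a time."""
    return "forward" if src_port in allowed_ports else "drop"

def reassemble(segments):
    """Rebuild the complete object and parse its headers, gateway-style."""
    raw = b"".join(segments)
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    headers = email.message_from_bytes(header_block + b"\r\n\r\n")
    return status_line.decode("ascii"), headers, body

# Hypothetical policy table: MIME type -> action taken on the whole object.
POLICY = {
    "application/java-archive": "strip",       # remove mobile code
    "application/x-msdownload": "virus-scan",  # hand object to a scanner
    "application/zip": "virus-scan",
}

def gateway_decision(segments, user, group):
    """Decide on the rebuilt content plus who asked for it."""
    _, headers, body = reassemble(segments)
    mime = headers.get_content_type()
    action = POLICY.get(mime, "allow")
    if action == "strip" and group == "developers":
        action = "virus-scan"  # hypothetical per-group exception
    return {"user": user, "mime": mime, "bytes": len(body), "action": action}

if __name__ == "__main__":
    for seg in SEGMENTS:  # 192.0.2.10 is a documentation address
        print(packet_filter("192.0.2.10", 80), seg)
    print(gateway_decision(SEGMENTS, "alice", "finance"))
    print(gateway_decision(SEGMENTS, "bob", "developers"))
```

No single segment contains the full MIME type string, which is why the decision has to be made on the reassembled object; the returned record also ties the action to a named user rather than an IP address.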

Acting On Intelligence

Security gateways also provide an enterprise with complete logs of every user, every request, everything that happens. They allow security-critical statistics to be analysed, such as time online by user, users creating the most Web traffic, most popular sites, split of data by site category, the amount of streaming data and types of browser in use.


This gives the organisation far better information on which to act. Take the usual security system based largely on firewalls, which list traffic only by IP address, not by user. From an HR perspective this is useless, as management cannot discipline staff if they are unsure who is doing what, and so the threat pervades.

So, just like airlines who need to know their most important customers, who habitually arrives late at check-in, who uses multiple airlines, and who is loyal, security gateways can show what each user does, for how long, and where they go. Then the company's management can ascertain whether there is a problem that needs to be addressed.

Implications For The IT Function

The most significant capability of security gateways is the quantum leap in security sophistication that they deliver to the enterprise. Essentially, they allow organisations to upgrade or downgrade their security curtain as circumstances dictate, just like an airport.

COPYRIGHT 1998-2013 BY HELP NET SECURITY.