Security

How to Clean Up a Firewall Rule Base

Over time, firewall rule bases tend to become large and complicated. They accumulate rules that are partially or completely unused, expired, or shadowed (a rule that can never match because an earlier rule already covers its traffic). The problem gets worse when multiple administrators have been making changes, or when your organization runs many firewalls.

When the rule base gets big and tangled, it starts to hurt firewall performance. It becomes difficult to maintain, and it can conceal genuine security risks, such as a forgotten "temporary" access rule. Standards such as PCI DSS also require regular review of the rule set and removal of unused rules and objects.

With some help from our customers, I've put together a list of best practices for cleaning up a firewall (or router) rule base. You can do all of these checks by hand, but if you have a firewall configuration management product, you can run most of them automatically.
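The shadowed and unused rules the article refers to can be found mechanically. The script below is an added example, not code from the article or from any firewall vendor's management product. The rule format, the per-rule hit counters and the six-rule sample rule base are constructed for illustration; it assumes first-match semantics and IPv4 addresses only.

```python
"""Find shadowed and unused rules in an ordered, first-match firewall rule base.

Added example; the Rule format, hit counts and RULES below are constructed.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    name: str
    src: str          # IPv4 CIDR, or "any"
    dst: str          # IPv4 CIDR, or "any"
    proto: str        # "tcp", "udp", "icmp" or "any"
    ports: tuple      # (low, high) destination port range; (0, 65535) for any
    action: str       # "allow" or "deny"
    hits: int = 0     # hit counter exported from the firewall (constructed here)


def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not (outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]):
        return False
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))


def shadowed_rules(rules):
    """Rules that can never match because a single earlier rule already covers
    their whole match space.  Returns (rule, shadowing rule, actions differ).
    A rule hidden only by the union of several earlier rules is not reported;
    finding those needs full match-space subtraction, which is out of scope here.
    """
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name, earlier.action != rule.action))
                break
    return found


def unused_rules(rules, min_hits=1):
    """Rules whose hit counter is below `min_hits` over the collection window."""
    return [r.name for r in rules if r.hits < min_hits]


# Constructed sample rule base, evaluated top to bottom.
RULES = [
    Rule("allow-web", "any", "10.0.0.0/24", "tcp", (80, 80), "allow", hits=120_000),
    Rule("deny-rfc1918-in", "10.0.0.0/8", "10.0.0.0/24", "any", (0, 65535), "deny", hits=300),
    # Fully covered by allow-web with the same action: pure redundancy.
    Rule("allow-app-web", "10.1.0.0/16", "10.0.0.0/24", "tcp", (80, 80), "allow", hits=0),
    # Covered by deny-rfc1918-in with the opposite action: intent is not enforced.
    Rule("allow-mgmt-ssh", "10.1.2.0/24", "10.0.0.10/32", "tcp", (22, 22), "allow", hits=0),
    # Not shadowed, but no traffic in the window: expired or never needed.
    Rule("allow-dns", "any", "10.0.0.53/32", "udp", (53, 53), "allow", hits=0),
    Rule("deny-all", "any", "any", "any", (0, 65535), "deny", hits=9_000_000),
]


def main():
    for name, by, conflict in shadowed_rules(RULES):
        kind = "CONFLICT" if conflict else "redundant"
        print(f"shadowed: {name} never matches, hidden by {by} ({kind})")
    for name in unused_rules(RULES):
        print(f"unused:   {name} has no hits; candidate for removal")


if __name__ == "__main__":
    main()
```

Two caveats before acting on the output. A rule shadowed by one with the opposite action is more than clutter: it records an intent (here, SSH to a management host) that the firewall is not actually enforcing, so it needs a decision rather than a deletion. And a zero hit count over a short window is not proof of disuse; rules serving yearly jobs or disaster-recovery paths only show traffic during those events, so collect counters over a full business cycle before removing anything.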

Firewall Management Today and Tomorrow

Firewall vendors currently fall short when it comes to firewall management functions. What are the upcoming trends in firewall management, which features are real game changers, and how far along is the market in the development cycle?

Introduction: A Brief History of Firewall Management

Firewall eulogies are premature. Firewalls have been the cornerstone of network security for almost 20 years and will probably remain so until a paradigm shift occurs.

The first commercial firewall, SEAL, was introduced in the early 90's and was managed through the vi text editor. The Visas firewall, by Bob Braden, was the first firewall with a GUI. Check Point's Firewall-1 3.0 administration tool demonstrated several concepts that are still important, including a rule base with an object-level abstraction and support for one policy across many firewalls.

That was 1996. It's amazing to see how similar this product is to contemporary firewall administration tools; apparently, very little progress has been made since.

By contrast, core firewall capabilities have been significantly extended. Starting off as simple packet filters, they quickly merged with routers to perform NAT and went on to do IPSec VPNs, content and URL filtering, SSL VPNs, antivirus, and antispam. Recently, firewalls have merged with IPS and have started providing true application-level filtering and user-based access control.

Firewall management tools were extended in parallel to provide configuration utilities for these new capabilities, but there was no conceptual breakthrough. Firewall management functions simply followed the firewall evolution.

Fortified Defense

Ascent Consulting Services, a company based in Bengaluru, India, has joined with Fortinet to shore up the security of its data center.

Fortinet was founded in Sunnyvale, California, in 2000. It is a market leader in network-security appliances, especially in unified threat management (UTM), and a majority of Fortune Global 100 companies deploy Fortinet solutions. The company's flagship product, Fortigate, delivers ASIC-accelerated performance and integrates multiple security layers; its specialized FortiASIC processors are purpose-built for content and network processing.

Ascent Consulting prides itself on a stable of products and solutions aimed at providing its clients with cost-effective, high-quality results. The company offers a wide range of technology, management, and outsourcing solutions. Its products, such as iBuild, iForce, and iAsset, combined with services such as payroll, compliance, and temporary staffing, make it a leader in its domain. Companies such as Thomson Reuters and Yahoo use Ascent's services.

In a move to implement a world-class security system in its new data center, Ascent chose Fortigate over solutions provided by Juniper, Nortel, and Cisco, to name just a few.

A Fort Knox Of A Data Centre

If information is power, then it has to be guarded zealously. A data centre thrives on information, so it is only logical that security protocols rule paramount in both the physical and the IT DNA of a data centre. In fact, some data centre locations are themselves kept secret.

Take a look at the 50,000 square foot facility that CyrusOne runs in Austin and you will know what the word foreboding means: an 8-foot security fence, biometric access controls, security cameras that stare at you unblinkingly, "caged" personnel, and ID-card access even for regular clients. Intrusion detection systems, firewall management, and monitoring services provide the electronic and technological side. Physically, the data centre is protected by bulletproof glass, barbed-wire fencing, reinforced concrete bollards, and so on.

Access Control Industry Best Practices

With a wide variety of reader technologies to choose from, it's important to ensure that the technology selected properly balances risk, cost, and convenience. Prox technology is a viable choice, especially for sites where Prox cards are already in use, but contactless smart cards represent the next generation of Prox technology and offer all of the convenience of Prox along with increased security and additional benefits such as multiple applications, read/write capability, and increased memory. However, when selecting a vendor's system, be aware that some manufacturers, in an attempt to sell "universal" readers capable of reading almost any contactless smart card, bypass the security measures of contactless smart cards in order to achieve that goal (typically by reading only the card's unencrypted serial number rather than the cryptographically protected credential). Such a reader gives up the very property that justified the upgrade from Prox, so confirm that the reader authenticates the card's secure credential, not just its serial number.

Take the Cobbled Path

San Francisco has been home to Arch Rock for 4 years. The company is a pioneer in IP-based wireless sensor network technology. So far, it has been concentrating on energy use in commercial and small buildings. Its Energy Optimizer System has been deployed by around twelve customers since it was introduced to the market in mid-2009. The system uses wireless sensors that monitor and record the consumption of energy in buildings.

Physical Security of a Data Center and the Budget

Physical security is very important in data center design. The big question is how much of the budget should be allotted to data center security. There is no simple, straightforward answer that holds true in all situations: the percentage of the budget allotted to physical security of the data center is determined by multiple factors, and every case has to be dealt with on its own merits and constraints.

Security Pros show off new data center monitoring site and security systems

Who better to understand the security needs of a data center than Wackenhut, a provider of security and security-related solutions in the U.S.? This month Wackenhut will open its new data center and with it launch its state-of-the-art remote security monitoring system. The data center will provide central station alarm monitoring.

DCJ SpotlightON

The Data Center Journal presents its interview with Lior Bilk, CFO of Hoboken University Medical Center, who discusses data center cooling as well as design and efficiency.
Latest Events

Sun Sep 12, 8:00 AM - 5:00 PM: Data Center Insights Summit
Sun Sep 12, 8:00 AM - 5:00 PM: BICSI Fall Conference and Exhibition
Tue Sep 14, 9:00 AM - 10:00 AM: Cisco Data Center Architecture: The Power to Say Yes
Thu Sep 16, 8:00 AM - 5:00 PM: DataCentre Expo
Mon Sep 20, 8:00 AM - 5:00 PM: Data Transfer & Data Breach Notification Briefing
Sun Oct 03, 8:00 AM - 5:00 PM: AFCOM Data Center World
Tue Oct 19, 8:00 AM - 5:00 PM: Green Data Centers: NY