Who Invented the Firewall?
The History, Evolution, Types, and Generations of the Computer and Network Firewall
In Computers and Technology, a Firewall is a real-time computer and network security system that uses various technologies such as Rules, Access Lists, Antivirus, Sandboxing, Network Profiling, Intrusion Prevention System, Deep Packet Inspection, Web Filtering, Anti-Spam, VPN, etc. to block malware attacks, filter malicious traffic, and prevent any unauthorised access to the network.
A firewall acts as a barrier between two networks, for example between a company network and the rest of the Internet, or between a home computer and the Internet.
In order to understand the various types of firewall technologies, one needs to be aware of the OSI model.
The Open Systems Interconnection (OSI) Model conceptually divides the network into seven layers, each of which has a specific purpose. Put simply, the top layer is the software layer and the bottom layer is the hardware layer; in between, we move from software to hardware (or from hardware to software).
The Seven Layers of the OSI Model are:
- Application Layer
- Presentation Layer
- Session Layer
- Transport Layer
- Network Layer
- Data Link Layer
- Physical Layer
Evolution, History, Types, and Generations of the various Firewall Technologies
- 1988 – First Generation – Packet-Filter Firewall
- 1989 – Second Generation – Stateful Firewall
- 1991 – Third Generation – Application Layer Firewall
- 2004 – IDC coins the term Unified Threat Management (UTM)
- 2009 – Gartner defines the Next-Generation FireWall (NGFW)
1988 – DEC Packet-Filter Firewall
In 1988, Digital Equipment Corporation (DEC) developed the first generation of firewall technology called the Packet-Filter Firewall. The Packet Filter Firewalls inspected the packets of information transferred between computers of a network. If the packet did not match the Packet Filter’s rules, the packet was either dropped or rejected. The packet was allowed to pass if it matched the filtering rules. The filtering could be based on a number of mechanisms such as the source and destination network addresses, the protocols used, and the port numbers on both ends.
This type of firewall does not look at the connection state of the packet and therefore maintains no state, which is why these are called Stateless Firewalls. They operated on the Network layer of the OSI model and are also called Network layer firewalls.
1989 – AT&T Bell Labs Stateful Firewall
In 1989, AT&T Bell Labs developed the second generation of firewall technology called the Circuit Level Gateway, which was the first Stateful Firewall. A Stateful Firewall keeps information about the active sessions and connection states; it records all connections passing through it.
These firewalls use the connection state information to manage packet filtering. If a packet does not match an active connection, it is evaluated against the filtering ruleset established for creating new connections. If it matches the rules, the packet is allowed through. Because they keep track of the state of each connection, these are called Stateful Firewalls.
The Stateful Firewalls monitor incoming and outgoing packets as well as the connection states, and store this information in dynamic state tables. After a connection is established, only packets associated with connections listed in the dynamic state tables are allowed to pass. Sessions stored in this table time out if no traffic has passed for a defined time period, which prevents the table from filling up.
The Stateful Firewalls are the second type of Network layer firewalls. These firewalls operated on the Transport Layer as well.
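The difference between the first two generations can be seen in a small simulation. This is an added example, not code from any firewall product: the names `Packet`, `stateless_allow` and `StatefulFirewall`, the ruleset, the addresses and the 60-second idle timeout are all constructed, and the model ignores TCP flags.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed ruleset: (protocol, destination port) pairs allowed to open a NEW connection.
NEW_CONN_RULES = {("tcp", 443), ("udp", 53)}

def stateless_allow(pkt):
    """First-generation packet filter: every packet is judged alone against the rules."""
    return (pkt.proto, pkt.dport) in NEW_CONN_RULES

class StatefulFirewall:
    def __init__(self, idle_timeout=60.0):
        self.idle_timeout = idle_timeout
        self.table = {}  # dynamic state table: connection key -> time of last packet

    @staticmethod
    def _key(pkt):
        # Direction-independent key, so a reply maps to the entry its request created.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def allow(self, pkt, now):
        # Time out idle sessions so the table cannot fill up with dead entries.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= self.idle_timeout}
        key = self._key(pkt)
        # Pass if the packet belongs to an active connection; otherwise it must
        # satisfy the ruleset for creating new connections.
        if key in self.table or stateless_allow(pkt):
            self.table[key] = now  # refresh or create the entry
            return True
        return False

def demo():
    fw = StatefulFirewall(idle_timeout=60.0)
    out = Packet("10.0.0.5", 50000, "203.0.113.10", 443)    # constructed client request
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)  # constructed server reply
    return {"stateless_reply": stateless_allow(reply),   # reply fails the port rule
            "unsolicited": fw.allow(reply, now=0.0),     # no session yet: dropped
            "outbound": fw.allow(out, now=1.0),          # rule match: session created
            "reply": fw.allow(reply, now=2.0),           # matches the state table
            "after_timeout": fw.allow(reply, now=100.0)} # idle entry expired: dropped
```

The stateless filter would need a broad rule admitting high-numbered ports to let the reply through, whereas the stateful firewall admits it only while the matching session is in the table.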
1991 – DEC Application Layer Firewall
In 1991, Digital Equipment Corporation (DEC) released the third generation of Firewall technology called the Application Layer Firewall with their product called DEC SEAL (Secure External Access Link). These firewalls run on the Application layer. Therefore, these are capable of inspecting all of the data travelling to and from all the running software. The main aim of these firewalls is to protect the computers from malware.
As the name suggests, an Application Layer Firewall manages the traffic of applications, such as Web browsers, that connect to the Internet and send or receive data. It also manages traffic on FTP, Telnet, and HTTP.
Other Firewall products:
- In 1994, the Firewall Toolkit (FWTK) firewall is released.
- The same year, Trusted Information Systems releases the Gauntlet.
- Check Point releases FireWall-1 in 1994.
2004 – IDC coins the term Unified Threat Management (UTM)
In 2004, International Data Corporation (IDC) coins the network security term Unified Threat Management (UTM). A UTM firewall is a security system for real-time network protection. It is the evolution of the traditional firewall into a comprehensive network security solution. A UTM uses technologies such as Network Firewall, Web Filtering, Gateway Antivirus, Intrusion Prevention System (IPS), Anti-Spam, VPN, etc. to protect networks from threats.
2009 – Gartner defines Next-Generation FireWall (NGFW)
In 2009, Gartner introduces the concept of the Next-Generation FireWall (NGFW). A Next-Generation FireWall (NGFW) uses the concepts of the traditional firewall along with newer technologies such as Network Firewall, Intrusion Prevention System (IPS), Deep Packet Inspection (DPI), Sandboxing, Application Control, URL Filtering, Advanced Malware Protection, Network Profiling, Identity Policy, VPN, etc.
This was a short history of the various firewall types and generations.