It's all about widening the 5-tuple
If there is a simple way to describe the difference between a next-generation firewall and a traditional firewall, it is "more detailed controls." In firewall terms, people talk about "widening the 5-tuple."
Firewall managers like to use the term "5-tuple," borrowing "tuple" from the world of databases. The "5-tuple" means the five items (columns) that each rule (row, or tuple) in a firewall policy uses to define whether to block or allow traffic: source and destination IP, source and destination port, and protocol.
For example, to allow traffic to a Web server at 22.214.171.124 from the Internet, a typical 5-tuple would include source IP and port of "any" (or "*"), destination IP of 126.96.36.199, destination ports of 80 and 443, and destination protocol of TCP — with an action of "allow." There's variation in every firewall on the market, but at the core of every one you'll find a set of rules that look more-or-less like that: 5-tuples.
Next-generation firewalls "widen" the firewall rule base by adding elements (columns) to each 5-tuple, starting with "application" and "user identity" and perhaps going wider still, factoring in other elements such as "reputation."
Bryan Lunduke talks with Martin Wimpress—the man behind Ubuntu MATE—about why he decided to make his...
I love my iPhone 6 Plus—and that’s Apple’s problem.
The Internet of Things is predicted to grow to a $1.4 trillion market by 2020, which means there are...
The website of toy maker Maisto was infected with malicious code that distributed CryptXXX, a new and...
Follow these steps to reap the benefits of SDN without disrupting your IT environment
Three ways to respond to demands for a fast, iterative, rapid-feedback monitoring solution
Flame wars in the bug tracker might be exactly the right (harsh) feedback your code needs