Why network firewalls and mainframes are still security favorites

Motel 6, for instance, has three times more firewalls than 8 years ago

By , Network World
July 03, 2012 03:42 PM ET

Network World - Network firewalls and mainframes are old technology, but despite calls over the years to do away with one or the other, they remain in widespread use. As to why, just ask IT professionals who manage large networks.

"We have three times the amount of firewalls than seven or eight years ago," says Andrew McCullough, lead infrastructure security architect in the information security and compliance department at Motel 6.

Firewalls used to be assigned mainly to the perimeter of the network, but over time Motel 6 has been building up defenses internally to protect against attacks on Web applications and databases, plus conforming to Payment Card Industry rules to protect cardholder data. That has meant more firewalls that can handle higher bandwidth, and Motel 6 uses the Crossbeam X-Series platform, which can also support intrusion-prevention systems and antivirus filtering.

About eight years ago, advocacy group Jericho Forum gained considerable attention as IT professionals at enterprises and government who were associated with it raised strong criticisms about the network firewall as a barrier to e-commerce around the globe. Some advocated phasing out network firewalls altogether while pushing vendors to come up with alternatives, especially cloud-based security.

McCullough says network firewalls have at times been an impediment to e-commerce. Back in 2006, as online booking of hotel rooms had become a very important means to keep customers coming to the hotel chain, Motel 6 faced "significant issues" because even new firewalls the company had put in were interfering with the smooth flow of booking rooms through the central reservation system in the volumes that were seen online.

"There were very high session counts," says McCullough, declining to name the firewall in use back then. The problem wasn't so much a bandwidth issue as unexpected difficulties with "lots of small packets" associated with reservations and availability requests, plus updated rates, he says.

Response times for users were hitting a wall. Motel 6 management was growing increasingly concerned as it became clear that customers not only got a bad impression from the slow online reservation system, but got fed up and were moving to other hotels. That prompted the Motel 6 IT department to review and test firewalls to replace even the new ones it had, settling on the Crossbeam X-Series, which has grown from supporting 8Gbps throughput to 10 times that and more at present, says McCullough.

"Firewalls have become more central to our infrastructure" than they were just eight years ago, he notes. In one Crossbeam chassis, it's now possible to run 6 independent firewalls, cordoning off internal networks. This configuration also helps cut down on "tap sprawl" related to network ports, reduces risk and avoids creating additional latency, says McCullough. But he acknowledges the multi-application Crossbeam platform, which requires support from three members of the security team, does take time to learn and troubleshoot.
