My Security Christmas List

Christmas ’07 is fast approaching and my kids already have their Christmas lists done. So, I thought I’d do a Christmas list of my own, with a twist. If I could get Santa’s elves to build me a shiny new piece of network security hardware, what would I want? Well, I’d ask for a reputation-based firewall, that’s what! I’ve seen the ultimate power that reputation databases, like IronPort’s SenderBase, can add to email anti-spam products and URL Web Security products. So I made the not-so-giant leap that adding reputation to firewalls makes sense. So how would my new reputation-based firewall work, you ask? Well, check this out:

  • The firewall admin creates a rule that says if a source IP address coming inbound from the Internet has a reputation of -10 to -5 (on a scale of -10 to +10), then drop it no matter what.
  • Additional rules would be added, such as: if the source IP has a reputation of -4 to 0, then rate limit the traffic, set a Quality of Service marking of best effort, and perform additional deep packet inspection on the traffic flows. A final rule for traffic with a reputation of +1 to +10 would direct the firewall to perform its normal stateful inspection checks. On the ASA, for example, this would mean that your current firewall rules, or ACLs, would then be run/used.
  • You could use your IPS sensors, AV, and HIPS programs running in your internal network to determine and alter the reputation scores of your internal hosts as well. These would then be fed back into the reputation database for your local environment, thus allowing you to use a reputation-based firewall internally.
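To make the three rule bands and the internal feedback loop concrete, here is a toy Python model added for illustration; it is not code from the original post or from any vendor. The IP addresses, scores, the hypothetical ACL entries and the sensor events are all constructed sample data, and unknown sources are assumed to start at a neutral score of 0.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network


class Action(Enum):
    DROP = "drop"                            # -10..-5: drop regardless of ACLs
    DEGRADE = "rate-limit/best-effort/dpi"   # -4..0: rate limit, best-effort QoS, deep inspection
    PERMIT = "permit"                        # +1..+10 and the normal stateful ACL allows it
    ACL_DENY = "acl-deny"                    # +1..+10 but the normal stateful ACL rejects it


# Constructed reputation database: source IP -> score on the post's -10..+10 scale.
REPUTATION_DB = {"203.0.113.5": -8, "198.51.100.9": -2, "192.0.2.10": 6}

# Hypothetical conventional ACL: permitted (source network, destination port) pairs.
ACL = [(ip_network("192.0.2.0/24"), 443), (ip_network("0.0.0.0/0"), 25)]

# Constructed internal sensor verdicts: (host, sensor, score adjustment).
SENSOR_EVENTS = [("10.0.0.7", "IPS", -4), ("10.0.0.7", "HIPS", -3), ("10.0.0.8", "AV", +2)]


@dataclass
class ReputationFirewall:
    reputation: dict
    acl: list
    default_score: int = 0  # assumption: sources not in the database are neutral

    def score(self, src_ip):
        return self.reputation.get(src_ip, self.default_score)

    def decide(self, src_ip, dst_port):
        """Apply the reputation bands first; only well-regarded sources reach the normal ACL."""
        s = self.score(src_ip)
        if s <= -5:
            return Action.DROP
        if s <= 0:
            return Action.DEGRADE
        src = ip_address(src_ip)
        if any(src in net and dst_port == port for net, port in self.acl):
            return Action.PERMIT
        return Action.ACL_DENY

    def feedback(self, host_ip, delta):
        """Fold an internal IPS/AV/HIPS verdict into the host's local score, clamped to the scale."""
        new = max(-10, min(10, self.score(host_ip) + delta))
        self.reputation[host_ip] = new
        return new


if __name__ == "__main__":
    fw = ReputationFirewall(dict(REPUTATION_DB), ACL)
    for host, _, delta in SENSOR_EVENTS:
        fw.feedback(host, delta)
    for ip, port in [("203.0.113.5", 25), ("198.51.100.9", 25), ("192.0.2.10", 22), ("10.0.0.7", 445)]:
        print(ip, port, fw.decide(ip, port).value)
```

Two IPS/HIPS verdicts against 10.0.0.7 push it from neutral into the drop band, which is the internal feedback loop the last bullet describes.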

I think you get the point by now of how a reputation firewall could be used and why it would be so much more powerful and accurate than the firewalls of today. If you’re in need of some more info on what a reputation database is, see http://www.ironport.com for an example. They call theirs SenderBase and it sees about 25% of the world’s email traffic. Point being that these reputation databases exist today and are very accurate. I don’t see any reason why we couldn’t re-use them for firewalling. Well, that is what I’d like Santa’s elves to build for me. What security product would you put on your Christmas list? What do you think of a reputation-based firewall product? The opinions and information presented here are my personal views, not those of my employer.


Copyright © 2007 IDG Communications, Inc.