Word Notes 10.11.22
Ep 120 | 10.11.22

Secure Web Gateway (noun)

Transcript

Rick Howard: The word is: Secure Web Gateway

Rick Howard: Spelled: Secure as in protection from malicious activity, web as in the internet, and gateway as in a tool that regulates web traffic.

Rick Howard: Definition: A layer seven firewall that sits in line at the boundary between the internet and an organization's network perimeter that allows security policy enforcement and can perform certain prevention and detection tasks.

Rick Howard: Example sentence: The secure web gateway prevented the user from accessing a malicious website. 

Rick Howard: Origin and context: In 1988, Jeff Mogul, Brian Reid, and Paul Vixie, working for Digital Equipment Corporation, conducted the first research on firewall technology. This was the first generation of firewall architectures. Between 1989 and 1990, Dave Presotto and Howard Trickey of Bell Labs pioneered the second generation with their research in circuit relays.

Rick Howard: They also implemented the first working model of the third generation of firewall architectures, known as application layer firewalls. Between 1990 and 1991, Gene Spafford of Purdue University, Bill Cheswick of Bell Labs, and Marcus Ranum independently researched application layer firewalls. These application layer firewalls eventually evolved into next generation firewalls many years later. Marcus Ranum's firewall work received the most attention and took the form of bastion hosts running proxy services. In 1992, Digital Equipment Corporation shipped DEC SEAL, the first commercial firewall, and included proxies developed by Ranum.

Rick Howard: In 1994, Check Point Software released the first stateful inspection commercial firewall, a layer three firewall that allowed security policy based on IP addresses, ports, and protocols. In 1994, William Cheswick and Steve Bellovin published "Firewalls and Internet Security: Repelling the Wily Hacker," the first book on firewalls as a technology. They called it a circuit-level gateway and packet filtering technology. Interestingly, their ideas came from the desire not to keep intruders out of their networks, but to keep employees from going to bad places on the internet. Palo Alto Networks launched the first next-generation firewall in 2007, a firewall that not only does stateful inspection at layer 3, but most importantly allows rules at the application layer, layer 7. Firewall administrators could not only block network traffic to and from bad IP addresses, but could also block access to applications tied to the authenticated user.

Rick Howard: In other words, the marketing department can go to Facebook, but the developers can't. Next generation firewalls gave infosec leaders the first ability to enforce rudimentary zero trust policy. By the 2010s, some firewalls had morphed into giant orchestration engines. In other words, instead of deploying multiple independent security tools inline at the perimeter that infosec teams had to manage and orchestrate separately, the next generation firewall became a Swiss Army knife of security tools: one box, either hardware or software, that could do everything: layer 3 policy, layer 7 policy, intrusion detection, anti-malware, XDR, etc.

Rick Howard: By the late 2010s, the secure web gateway emerged as a simpler firewall that abandoned the orchestration engine idea and just performed layer 7 policy functions. According to Gartner's information technology glossary, quote, these gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular web applications such as instant messaging and Skype. Native or integrated data leak prevention is also increasingly included, end quote.

Rick Howard: Nerd reference: In 2015, Bill Cheswick presented at the Vintage Computer Federation Conference and talked about some of the early days of computer security when he took a job at the famous Bell Labs in the late 1980s and worked for computer science legends like Dennis Ritchie, the co-creator of the C programming language and the Unix operating system written in C, with colleagues Ken Thompson, Brian Kernighan and Rob Pike, and he talked about how his experiments with a proto firewall protected Bell Labs from the infamous Morris Worm in the late 1980s.

Bill Cheswick: And in 1987 I said, I wonder if I could work at Bell Labs. Could this, could I do this? I'm, I'm an IT guy. I could go be janitor for Dennis Ritchie. How cool would that be? And I applied. And, uh, the interview for the day involved eight people, most of whom you, many of you have heard of. Brian Kernighan, Rob Pike, Ken Thompson, Dennis Ritchie. Uh, and a couple others, my future bosses, and I decided even if at the end of the day they decided I was a jerk and they never wanted to see me again, it was a pretty remarkable day. And it turns out they hired me and I started at the end of 1987. I was working there for three weeks and I said, Well, I've started work, I volunteered to work as postmaster, which is kind of like volunteering to be proctologist. Um, it's a thankless job because if you get it right, nobody notices, and if you don't, they're really pissed off with you, and I went up to the postmaster, Dave Presotto, and I said, This email seems like a wave of the future. I wanna learn something about it, I'll be postmaster. He said, Okay, you got it. I also took over a prototype firewall he'd put up about a year before and started running it, and at about a year later, the Morris Worm came out and our firewall stopped it. In fact, I woke up the morning the Morris Worm hit the internet and a friend of ours had called the house and said, There's something bad on the internet, you might want to check it out, and I went into work, and there was Peter Weinberger on the phone, say, calling various places and saying, Did you get the worm? We didn't, ha ha, and of course it was my firewall that was keeping it out.

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.