Discuss the limitations of firewalls. How do modern firewalls differ from the old ones in dealing with these limitations?

Firewalls have several limitations. They primarily protect against external threats but offer limited defense against internal attacks, insider threats, or social engineering schemes that trick users into compromising security. Traditional firewalls do not prevent attacks that bypass them, such as those originating from modems or compromised laptops brought into the network, or those embedded in encrypted traffic. They are also less effective against advanced persistent threats or polymorphic malware that can evade signature-based detection. Furthermore, older firewalls have limited visibility into application-layer attacks.

Modern firewalls, often called Next-Generation Firewalls (NGFWs), address many of these limitations through enhanced capabilities:

• Application Awareness and Control: Unlike old firewalls that largely relied on ports and protocols, modern firewalls perform deep packet inspection to identify and control specific applications, regardless of the port they use. This helps mitigate application-layer attacks.
• Integrated Threat Intelligence: NGFWs incorporate intrusion prevention systems and advanced malware protection, using continuously updated threat intelligence feeds and sandboxing to detect and block new and sophisticated threats, including zero-day attacks and polymorphic malware.
• SSL/TLS Decryption and Inspection: To counter threats hidden in encrypted traffic, modern firewalls can decrypt, inspect, and then re-encrypt SSL/TLS traffic before forwarding it, providing visibility into previously obscured attacks.
• User Identity and Context Awareness: Modern firewalls can integrate with directory services to apply security policies based on user identity, group, and device, rather than just IP addresses. This helps in managing internal access and addressing insider threats more effectively.
• Web Application Firewalls (WAFs): While not a core component of every NGFW, specialized WAFs are often deployed alongside modern firewalls to specifically protect web applications from common web-based attacks like SQL injection and cross-site scripting.