Hi malware fighters,

In the coming 10 years it is likely that everything will run via port 80, making that the firewall of to-day can no longer protect you. After protocol filtering, modern firewalls are starting to filter applications mainly. New generations of firewall must be able to prevent intrusion and also filter the applications, so 90% of to-day’s firewalls will no longer be relevant in their scanning.
This big port 80 problem is for instance that both PeopleSoft and Digg use the same protocol. It is not enough to know what kind of protocol is involved. Application data are at the heart of the problem. Data Leakage Prevention will be the crux. HTTP cannot be used to run everything, GET and POST are just pumping data around. SOAP is handled in a similar way, so leaks galore!
Will port 443 be used more and more, everything encrypted, and all sorts of applications working via XML, with the bandwidth problems this creates. Through port 443 you can open a socket immediately through a HTTP CONNECT to the proxy, your firewall does not react - with SSL inspection what is attacking you?

polonus