Feeds

Firewall tech pioneer Gil Shwed: Former teen sysadmin on today's infosec biz

Prince of State(ful) inspection 20 years on

The Power of One eBook: Top reasons to choose HP BladeSystem

Feature Twenty years after the technology behind FireWall-1 was first developed, the teenage coding prodigy who founded Check Point says that "IT security is [still] very hot".

Shwed, 44, is the co-founder, chief exec and chairman of Check Point, whose FireWall-1 software, according to the firm, is installed at every Fortune 100 company. Check Point claims FireWall-1 has never been breached.

At the tender age of 10, Shwed began taking weekly computer classes in his home town of Jerusalem and soon began showing up to the computer room every day, so he could learn on his own. By the age of 12, he had secured a summer job coding for a language-translation software company.

Shwed never went to university. While still at school at age 14, Shwed says he started an almost full-time job as a system administrator at Hebrew University in Jerusalem. From the age of 16, the university put him in charge of its computer systems for around two years until he began his national service in the army at age 18.

During his army service in the Israel Defense Forces, Shwed reportedly joined the IDF's Intelligence Corps (Unit 8200) where he put together military computer networks enabling certain users to access confidential materials blocked to other less privileged and trusted users. Shwed kept the idea in mind when he completed his military service in 1990.

After the army, Shwed joined the Israeli startup company Optrotech as a software developer, where he met Marius Nacht.

Shwed, Nacht and another friend, Shlomo Kramer, who had served with Shwed in the IDF, saw the potential of technology to filter and control traffic to separate computers on business networks from the wider internet. The idea that would eventually evolve into FireWall-1 was first developed in April 1993. The three friends started Check Point Software in July 1993, just a few months later.

The trio realised that businesses that connected themselves to the internet would need safeguards, creating a market for the port control protocol and blocking capabilities that were the main feature of early firewalls. The stateful inspection* technology Shwed developed and patented is still in use in modern firewalls, albeit in a highly revamped form.

It's hard to imagine now, but at the time few people knew what the internet was - much less that it posed a network security risk that needed guarding. The World Wide Web was a brand new concept, and browser software had not yet been invented.

Shwed, Kramer and Nacht - all in their early twenties at the time - worked in a relative’s apartment for a year, programming for 12-14 hours a day, before emerging with a product after a year's hard graft.

The team gave FireWall-1 first public debut at the 1994 NetWorld Interop show in Las Vegas. The trio reportedly shared a booth with another company, and brought no promotional items, just their product, FireWall-1. Despite their apparent lack of marketing savvy, FireWall-1 ended up winning the best-in-show award, helping to propel Check Point into the limelight.

In 1994 Check Point signed an OEM agreement with Sun Microsystems. It followed this up with a deal with HP a year later. The firm went public a year after that, in 1996.

Check Point's range of software products includes firewalls, UTM appliances, endpoint security (partly through the Zone Alarms acquisition), virtualisation security, and various products that integrate network management and security.

Shwed has been at the helm throughout. The 44-year-old comes across as an essentially a geek, albeit one with a shrewd business mind, who is proud of the company and the people it employs.

Shwed is a member of the board of trustees of Tel Aviv University and the chairman of the board of trustees of the Youth University of Tel Aviv University. He is also a member of the board of directors of Yeholot Association, which works to reduce dropout rates in high schools. Shwed is more than rich enough to retire or throw himself full time into charity work like Bill Gates but that would mean relinquishing his role at the company, which he obviously relishes. During the keynote for Check Point's European user conference, he spoke of the possibility of remaining at the helm for another 10 or even 20 years.

"I like it, so why should I do something else? The chances of founding another firm that's as interesting and successful aren't high," Shwed said, adding that everyone at the company was working to keep Check Point independent.

Shwed added that the attitude adopted by security vendors and experts has changed over the years from "don't do that it's dangerous" to an attitude more in tune with understanding business requirements, such as implementing secure links to branch offices and home workers using VPN (virtual private network) technology. Firewall technology has moved away from the perimeter and into the data centre, he said.

The Check Point boss reckons that IT security remains an exciting sector for budding entrepreneurs and technologists. "IT security is very hot," Shwed said during a press conference at the recent Check Point Experience user conference in Barcelona, Spain "It gets a lot of attention in the media.

"That said, information security is much more competitive; it's hard to develop something completely new. There are so many segments and sub segments, so you [have to] educate security distributors and the channel.

"But when I first started out I had to persuade people there was a market for the internet, so at least there's not that problem." ®

Bootnote

*A stateful firewall is programmed to keep tabs on the state of network connections (such as TCP streams or UDP communications) which move across it - a feature that made the technology more sophisticated than a simple packet filter.

The technology is designed to distinguish legitimate packets from different types of connections originating from rogue or hacker-generated traffic. Only packets matching a known active connection will be allowed to pass by the firewall; others will be rejected or blocked.

This compares with stateless inspection, which is pure packet filtering. Stateless means there is no memory of previous packets, which makes the firewall vulnerable to spoofing attacks as it has no way of knowing if any given packet is part of an existing connection, is a new connection, or is just a rogue packet.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.