Firewalls = Double-Edged Sword?

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    15

    Firewalls = A Double-Edged Sword?

    Hello all...

    Recently I've been thinking quite a bit about software-based firewalls. We know that firewalls can protect us if configured correctly, but can they do more harm than good (or more good than harm)?

    I'm mainly thinking in terms of remote exploits/vulnerabilities for software-based firewalls.

    For example, in the past, Kerio Personal Firewall alone has encountered numerous exploits/vulnerabilities, such as:

    -Multiple SYN Packet Denial Of Service Vulnerability

    -Firewall Filter Bypass Vulnerability

    -Replay Attack Vulnerability

    -Remote Authentication Packet Buffer Overflow Vulnerability

    -Fragmented Packet Filter Bypass Vulnerability


    Now with all of this in mind, is a user doing more harm than good by running a software-based firewall which is vulnerable to the list of exploits mentioned above?

    The user could always update their firewall, switch to a hardware-based firewall, or even choose to use a different firewall altogether; however, the fact remains that software-based firewalls will always be vulnerable to newly discovered/undiscovered exploits.

    A firewall is supposed to protect the user from outbound attacks, not open up a handful of vulnerabilities for a malicious person to take advantage of.

    Firewalls are essential for everyone, this I understand. However, let's take into account a savvy user who has locked down their computer, closed any unnecessary services/ports, is fully patched (system and anti-virus wise), and practices overall safe-computing. Would this user be doing more harm than good, by installing an insecure firewall to a rather secure system (as far as computers without firewalls are concerned)?

    These are just some abstract thoughts. Is there something I'm missing or don't understand? If anyone can clarify or elaborate, I would really appreciate it!

    Thanks!

  2. #2
    Just a Virtualized Geek MrLinus
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Firewalls are essential for everyone, this I understand.
    That I don't know about. It helps in having a layered security environment but is it essential? That's been a bit of a debate going on here for a while. In one of my courses I'm changing the labs so that students are required to secure a network without a firewall. The reason? I think too many people are using firewalls as crutches.

    They configure firewalls well enough but forget to harden their systems and ensure their systems are secure. They make the assumption that attacks will only come from outside the network and forget about the 40% potential of attacks from inside (e.g., disgruntled employees, curious employees, malicious employees, contractors, etc.). There seems to be this idea that we depend on firewalls solely for our security when in fact it is a combination of a lot of things, as you've pointed out.

    Though, this whole discussion is mote if we don't have a savvy user (which probably represents -- I know, generalization -- about 80% of all users out there).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member kr5kernel
    Join Date
    Mar 2004
    Posts
    347
    Think of it this way:

    Joe Admin sets up a network at his work. Let's say he has 10 machines, all Windows XP. Joe gets hit with a worm, and all the machines are infected, or Joe gets backdoored and someone in Korea decides to use his T1 for their super l33t bit-torrent buddies. Joe throws a firewall in at the router level and cuts down on attacks on 10 machines and focuses on hardening 1 machine.

    This might sound dumb, but that's how it goes. Firewalls divert a mass of attacks by protecting a few, and usually well. Obviously businesses require firewalls these days, and the idea of you going out and buying a $2000 watchdog for your home PC is a little brash. Stick to the free stuff, and know that you get what you pay for. Even though there are vulnerabilities out there, between AV, anti-spyware, and a personal firewall, you shouldn't get hit.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  4. #4
    Member
    Join Date
    Apr 2003
    Posts
    95
    The way I see it, firewalls may well be a double-edged sword, because if they ain't kept up to date and well configured then they would do more harm, as people would think they were more secure than they were. Especially on home computers.

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America's war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  6. #6
    Priapistic Monk KorpDeath
    Join Date
    Dec 2001
    Posts
    2,628
    This whole debate is moot (correct spelling). A condom incorrectly used is better than no condom at all.

    You aren't allowing people in by an incorrectly configured firewall, you are just teaching yourself a good lesson. That's like saying no antivirus at all is better than an incorrectly configured one.

    By personal experience people wanting to gain access don't go looking initially for various firewall exploits, they fingerprint the OS and go for those. 'Nuff said.

    Reverse psychology only works so far. IMHO.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  7. #7
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    I think that if a user looks hard for good firewalls and ones that rarely are found with vulnerabilities and exploits (the least amount or whatever) and does a few comparisons on them, then he should pick that one out. Whether he chooses to continuously get the patches/updates for it or not is up to him, but now he has studied and picked out a pretty good software firewall.

    By personal experience people wanting to gain access don't go looking initially for various firewall exploits, they fingerprint the OS and go for those. 'Nuff said.
    That seems to be the case with my personal dealings as well, but if a hacker comes up against a well managed firewall (or a weak one for that matter) then they might start looking up exploits and the latest vulnerabilities to it.

    EDIT:
    btw, I like the condom example korp, lol, funny stuff.
    Haha same, I thought that was brilliant.
    Space For Rent.. =]

  8. #8
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    I totally agree with korpdeath, any measure of security, whether it be AV, anti spyware, or software firewall, updated or not, can only help. btw, I like the condom example korp, lol, funny stuff.
    I am the uber duck!!1
    Proxy Tools

  9. #9
    Super Moderator: GMT Zone nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    I don't quite agree,

    The way I see it, a simple firewall set to "high" security with known trusted programs identified, will keep out a lot of subnet scanning scripts and the like. These are massively more numerous than firewall vulnerability exploits. A lot of them will warn you if there is an update, so that should not be a real issue.

    An AV, on the other hand, MUST be kept up to date, or it pretty soon becomes virtually useless. There are not that many "old" viruses left in the wild, and they tend to be relatively short lived compared to years ago when people used a lot of floppies. Once again, most of them will automatically update.

    My main problem with out of date AV is it can start to give false positives if you are not keeping it up to date, but are updating and adding other software. As the actual item is not a virus, it cannot be cleaned, and the default setting is usually to delete the file...........not good



    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Senior Member
    Join Date
    May 2003
    Posts
    407
    However, a condom used incorrectly also gives a false sense of security, so without you knowing your partner might get "rooted". An example would be ZoneAlarm. IIRC, you can configure it to let everything in. Also, the exploits are a good point. Not that I agree with that idea. Personally, I run a small home network, with a firmware firewall in my router. I haven't had an attack so far (notice "attack", not "attack attempt").


    slick
    "Look, Doc, I spent last Tuesday watching fibers on my carpet. And the whole time I was watching my carpet, I was worrying that I, I might vomit. And the whole time, I was thinking, "I'm a grown man. I should know what goes on my head." And the more I thought about it... the more I realized that I should just blow my brains out and end it all. But then I thought, well, if I thought more about blowing my brains out... I start worrying about what that was going to do to my goddamn carpet. Okay, so, ah-he, that was a GOOD day, Doc. And, and I just want you to give me some pills and let me get on with my life." -Roy Waller
