Results 1 to 4 of 4

Thread: Firewalls made of Straw

  1. #1
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197

    Firewalls made of Straw

    Yes, I paraphrased the actual title of the article.... A very interesting article that, if nothing else, compliments my argument against software firewalls....

    Source

    The killer for the corporate world is this:-

    The problem is that many of these other defensive appliances are rarely monitored. That is a sad but true statement in many cases. Furthermore, even when these appliances are monitored there is a strong possibility that the person who is reading the output does not have the requisite training, or knowledge, to understand the information they are seeing. In some cases, large networks receive hundreds of thousands of alerts every day.

    The problem of an intrusion detection system going unmonitored, or misinterpreted is unfortunately an all too common one. Too many corporations invest in the technology yet do not invest in the human side of the equation to manage and monitor the equipment.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  2. #2
    We've seen that phenomenon before when PC-XTs were new in the market. Companies buy computers and then announce that they are "now computerized" even when they really don't have the full grasp of the potential utilities a computer system would have to their business needs.

    So, we see the same "fire and forget" mindset when it comes to security. If I understand the various threads here in AO alone: just because you have a firewall, it does not follow that you're safe.

    If a company dares invest in the hardware and software, why not include the investment in the "wet-ware"?
    Si vis pacem, para bellum!

  3. #3
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    From the Introduction:

    the firewall's operation can be circumvented by inserting a malicious Trojan into the network stack itself.
    One of the very first text files I read, having found AO, was how to by pass Zone Alarm. A rather scathing attack on ZA also. ( that was 3 years ago ) The above quote is a paraphrase from that text. Or I should say looks like it is.

    Amazing what sticks in the mind.


    Though our attacker now has system level access to the server, it is far stealthier to communicate to it via the LSP Trojan to decrease the chance of detection at any point in the future.
    At this point is not the trojan the only method our attacker has to access the server?????????
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #4
    compliments my argument against software firewalls....
    I agree with you here. I have no problem with a properly implemented software firewall solution. The only properly implemented software firewall being one placed behind a hardware firewall. A software firewall is only as secure as the operating system that it is running on, and is not a acceptable amount of security for a corporate network.

    It is an interesting read though, thanks.
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •