June 22nd, 2005 10:24 PM
Firewalls made of Straw
Yes, I paraphrased the actual title of the article.... A very interesting article that, if nothing else, complements my argument against software firewalls....
The killer for the corporate world is this:-
The problem is that many of these other defensive appliances are rarely monitored. That is a sad but true statement in many cases. Furthermore, even when these appliances are monitored there is a strong possibility that the person who is reading the output does not have the requisite training, or knowledge, to understand the information they are seeing. In some cases, large networks receive hundreds of thousands of alerts every day.
The problem of an intrusion detection system going unmonitored, or misinterpreted is unfortunately an all too common one. Too many corporations invest in the technology yet do not invest in the human side of the equation to manage and monitor the equipment.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
June 22nd, 2005 10:54 PM
We've seen that phenomenon before when PC-XTs were new in the market. Companies buy computers and then announce that they are "now computerized" even when they really don't have the full grasp of the potential utilities a computer system would have to their business needs.
So, we see the same "fire and forget" mindset when it comes to security. If I understand the various threads here in AO alone: just because you have a firewall, it does not follow that you're safe.
If a company dares invest in the hardware and software, why not include the investment in the "wet-ware"?
Si vis pacem, para bellum!
June 22nd, 2005 11:26 PM
From the Introduction:
One of the very first text files I read, having found AO, was how to bypass Zone Alarm. A rather scathing attack on ZA also. (that was 3 years ago) The above quote is a paraphrase from that text. Or I should say looks like it is.
the firewall's operation can be circumvented by inserting a malicious Trojan into the network stack itself.
Amazing what sticks in the mind.
At this point is not the trojan the only method our attacker has to access the server?????????
Though our attacker now has system level access to the server, it is far stealthier to communicate to it via the LSP Trojan to decrease the chance of detection at any point in the future.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
June 23rd, 2005 06:12 PM
I agree with you here. I have no problem with a properly implemented software firewall solution. The only properly implemented software firewall being one placed behind a hardware firewall. A software firewall is only as secure as the operating system that it is running on, and is not an acceptable amount of security for a corporate network.
complements my argument against software firewalls....
It is an interesting read though, thanks.
"Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous