• Admin

Six Myths of Firewalls

In this post we are going to talk about the the myths of firewall. Cryptographic techniques such as those used by Kerberos are far superior when compared to stopgap attempts that Firewalls represent.

Six Myths of Firewalls
Six Myths of Firewalls

1. We've got the place surrounded.

Firewalls make the assumption that the only way in or out of a corporate network is through the firewalls; that there are no "back doors" to your network. In practice, this is rarely the case, especially for a network which spans a large enterprise. Users may setup their own backdoors, using modems, terminal servers, or use such programs as "PC Anywhere" so that they can work from home. The more inconvenient a firewall is to your user community, the more likely someone will set up their own "back door" channel to their machine, thus bypassing your firewall.

Related to this problem is the observation that in research or academic communities (and sometimes in corporate environments as well!), researchers, professors, or engineers may demand so many exceptions to the firewall policy so that they can communicate with their collaborators at other research sites or universities that you might as well not have the firewall.

2. Nobody here but us chickens.

Firewalls make the assumption that all of the bad guys are on the outside of the firewall, and everyone on the inside of the can be considered trustworthy. This neglects the large number of corporate computer crimes which are committed by insiders.

Of course, in academic institutions, the assumption that the "bad guys" are always on the outside is often laughable. We have often observed that there's nothing quite so dangerous as a bored MIT student.

3. Sticks and Stones may break my bones, but words will never hurt me.

This myth may also be restated as "Sticks and Stones may break my bones, but Word will never hurt me." Newly evolving systems are blurring the lines between data and executables more and more. With the advent of Word macros, Javascript, Java, and other forms executable fragments which can be embedded inside data, a security model which neglects this will leave you wide open to a wide range of attacks. 

Six Myths of Firewalls
Six Myths of Firewalls

4. Even if a threat is completely new, a firewall can still protect you against it.

A firewall is basically designed to protect you against known threats only. Some of the new ones also do protect you against some new threats, but it can’t do so automatically against every new threat. New ways to attack are conceived more quickly than the industry is able to design tools to protect your system. A firewall is not a set-up-once-and-forget-it-forever type of a utility.

Myths about Firewalls

5. A firewall is enough, who needs an anti-virus program?

You do. Everyone does. That’s because a firewall can’t keep viruses out. In the article, it has been discussed that the firewall follows some set rules and does the blocking or allowing of certain information based on parameters like Sources, Destinations, Port Numbers, Content and the like. There are simply too many viruses out there and there is no way you can set rules for your firewall to follow. Most businesses use a firewall in tandem with a robust anti-virus package for the best possible use.

6. A firewall can protect you from all possible threats.

Not even close to the truth. There are a lot of things a firewall can’t do. Starting from the simplest level, a firewall cannot protect you from insiders within your company with malicious intentions. Users inside can spread malware, steal data and do anything as they please and there is nothing your all-powerful firewall can do. Host security and proper training and education is the only way out of this problem.

Also Read: Kerberos Authentication Working in detail(Part-1)

52 views0 comments

Recent Posts

See All