Information Security News mailing list archives
Don't Trust a Firewall
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 20 Sep 1999 16:13:27 -0600
From: darek.milewski () us pwcglobal com

http://www.zdnet.com/filters/printerfriendly/0,6061,2334963-50,00.html

Don't Trust a Firewall
By Frank J. Derfler, Jr., PC Magazine
September 17, 1999 7:21 AM PT

At this week's NetWorld+Interop trade show in Atlanta, network security is on everyone's mind. Headlines about Hotmail's security hole and potential security problems with WebTV are fresh, and there's talk of the inevitability of network penetration attempts. And the experts are concerned about the reliability of existing technologies to thwart intruders.

"Firewalls are dinosaurs!" says Robert Moskowitz, senior technical director of the International Computer Security Association. He was seated on a panel with Marcus Ranum, CEO of Network Flight Recorder and maker of the first commercial firewall product in 1989. "There are so many holes in firewalls for special applications that I no longer trust the technology," Ranum said.

Sacrificial Systems

What's the solution? The experts speaking on panels throughout the conference emphasized that companies should implement standard administrative security practices because most saboteurs come from the inside. Experts also suggested putting on the public Internet sacrificial systems that you expect to be abused but that don't have any physical network connection to your business systems.

No one has a silver bullet for stopping intruders and saboteurs, but several companies are offering products to slow them down. A new product called Packeteyes, from SBE, consists of a small router able to make one T1 connection that examines and reports on the specific content of every packet it passes. Running on any Microsoft Windows PC, Packeteyes uses graphical tools to help administrators create policies concerning what sources may access specific data and applications. Policy management is a point defense against attack.

The experts are positive about virtual private networking (VPN) and IPSec technologies. VPN products are everywhere on the show floor, and the VPN flood has spawned associated products. VPN value-added services, including bandwidth management and extensive end-user support, are available from companies as diverse as AT&T and TimeStep. A small startup called Blue Steel Networks demonstrated an add-in hardware processor that takes over IPSec number-crunching from a server's CPU.

[snip..]