31 Oct 2002
Firewalls have been one of the few success stories in the fight against computer misuse.
They protect computers and networks from unwanted intrusion by acting as gatekeepers to and from the outside world. But they have been criticised for slowing network performance, and for a lack of scalability.
Users can either buy firewall software that runs on business or departmental servers, or purchase firewall appliances that they simply add to their network.
More recently, we have also seen the growth in popularity of client-side firewalls, prompted by the surge in consumer and small business broadband adoption.
The role of the firewall in blocking access to ports, other than the ones needed to allow normal traffic to pass through your network, is a crucial one. Without a firewall, all network access ports are potentially open. Open ports that are not being policed are a security hazard.
A firewall can close unused and unwanted ports, making the process of managing and monitoring those that are open easier and more reliable.
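One way to keep that "managing and monitoring" honest is to audit what is actually listening against what the firewall policy explicitly accepts. The script below is an added example, not part of the original article: it parses a constructed `ss -ltn` style socket listing and a constructed allow-list, and flags services that are reachable but not covered by any accept rule, as well as accept rules with no service behind them.

```python
"""Audit listening TCP services against a firewall allow-list.

Flags two things a firewall administrator wants to know:
  - a service listening on a non-loopback address with no accept rule
    (it is exposed the moment the firewall is absent or misconfigured);
  - an accept rule for a port nothing listens on (an unwanted hole).
Sample data below is constructed for this example.
"""
import re

# Constructed sample modelled on the output of `ss -ltn`.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       511     [::]:443             [::]:*
LISTEN  0       5       0.0.0.0:5900         0.0.0.0:*
"""

# Constructed policy: TCP ports the firewall explicitly accepts from outside.
ALLOWED_TCP = {22, 80, 443, 8443}

# Matches a LISTEN row and captures the local address and port.
LISTEN_ROW = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def listening_ports(ss_output):
    """Return {port: address} for LISTEN sockets reachable from the wire."""
    ports = {}
    for line in ss_output.splitlines():
        m = LISTEN_ROW.match(line)
        if not m:
            continue
        addr, port = m.group(1), int(m.group(2))
        if addr in ("127.0.0.1", "[::1]"):  # loopback only, not exposed
            continue
        ports[port] = addr
    return ports


def audit(ss_output, allowed):
    """Compare listening services with the firewall allow-list."""
    open_ports = listening_ports(ss_output)
    return {
        "unpoliced": sorted(p for p in open_ports if p not in allowed),
        "unused_rules": sorted(p for p in allowed if p not in open_ports),
    }


if __name__ == "__main__":
    for kind, ports in audit(SAMPLE_SS, ALLOWED_TCP).items():
        print(kind, ports)  # constructed sample -> unpoliced [5900], unused_rules [8443]
```

Running it on the constructed sample reports tcp/5900 as listening with no accept rule and tcp/8443 as an accept rule with nothing behind it; the loopback-only database port is ignored because it is not reachable from the network.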
According to the 2001 US Computer Crime and Security survey, 85 per cent of the 538 security staff questioned had detected some kind of breach during the past year, while 64 per cent said that their organisation had lost money as a result.
Firewalls and hacking attacks
It's not difficult for an experienced hacker to find a hole in a poorly configured firewall and infiltrate a network, as many organisations have discovered to their cost.
"It's all very well implementing a firewall to secure your network, but in reality it exists purely as a preventative barrier for the network," explained Ian Tickle, UK manager at data integrity specialist Tripwire.
"While they can keep out most script kiddies and help protect systems from some denial of service attacks, there's one major limitation: it won't tell you if someone has got through."
This has been highlighted by the growth in broadband usage in the UK, and the rising number of home workers, branch offices and smaller businesses that are now connected to the internet on a permanent basis. Their networks and individual computers are potential targets for random attacks.
Graham Peat, European marketing manager at Rainbow Technologies, said: "Broadband connectivity to the internet means that home users are potentially vulnerable all the time their systems are on.
"The problem here, for organisations that rely increasingly on home workers, is that their security policies must adapt to include the remote user, otherwise security mistakes will happen."
Remote users pose a particular problem for companies trying to maintain a tight firewall policy. Allowing employees to connect into the network and access company resources such as shares, printers, mass data storage and email means leaving another hole in the network through which they can connect.
You can secure this connection with a virtual private network, but this still relies on the external client machine being secure and running its own firewall and up-to-date virus detector.
Otherwise, you run the risk of creating a tunnel into your network through which a hacker could enter as a result of a weakness at the client end.
But a firewall cannot guarantee the safety of your data. "A firewall alone isn't enough to secure your interests. Knowing when your system is being attacked and being able to act on it immediately is the key to ensuring that your business stays your business," explained Tickle.
In short, the guy with the ill-configured firewall relaxes in the false belief that he is protected, whereas the guy without one at least knows that he is at risk.
Embedded firewalls
Firewall technology is continually being developed, and vast leaps have been made to enhance the level of security they bring.
The desire to protect the desktop has created a booming market for embedded firewall products.
While companies continue to deploy large-scale firewalls at the network edge, the deployment of firewalls directly onto servers and desktops is also increasing, as is the development of client-side firewalls.
While software firewalls are increasing in use and quality, hardware versions are falling in price, which makes them more suitable for localised deployment.
3Com has taken the firewall concept and embedded it into hardware devices. It is focusing on two areas: a centralised policy server for administering embedded firewall settings and preferences; and an embedded firewall application which 3Com has started integrating at the network card level.
This means that the firewall's port controls and data access policies can take effect before the data has even passed off the card and into the target system.
"Our embedded firewalls allow IT managers to secure the most vulnerable and unprotected areas of the network: the notebook and PC," said James Teel, senior director of security strategy at 3Com.
"Firewall network cards allow a much-needed approach to security that extends stringent security policies to end systems, and provides a way to connect, manage and secure remote desktop and notebook PCs."
However, wherever the firewall is positioned, be it at the network edge or on individual clients, it must be configured correctly and tested regularly.
Further reading
An extensive resource of answers to common firewall questions can be found here.
A paper published by AT&T and Lumeta looking at the role of firewalls as a defence mechanism can be found here.