A large enterprise recently realized one of its firewalls had
suddenly gone quiet, and was no longer requesting policy changes or
updates as usual. After a careful audit, the enterprise discovered
the reason: A hacker had inserted an "allow any to any" rule in the
middle of the firewall's policy, leaving the doors wide open to all
traffic, both in and out of the company.

Such blatant hacks are rare, but the story -- relayed by
firewall maker Cisco Systems -- is a cautionary tale, experts say.
A poorly configured firewall can be worse for data security than no
firewall at all.

"We see customers that have hundreds of rules and thousands of
objects defined on their firewalls," says Matt Dryer, product
marketing manager for the Security Technology Business Unit at
Cisco. "They go in and add rules and objects, but they never delete
anything. They don't follow a structured change control process.
They don't have an unmanageable amount of gear, but the
configuration and change management process just keeps getting more
complex."

The proliferation of firewalls in large enterprises is making
management even more difficult, notes Mike Lloyd, chief scientist
at RedSeal, which makes software that aids in enterprise firewall
change and security posture management. "The problem with firewalls
is that they were originally designed to secure a closed
environment, like you'd secure a bank. But today's enterprise is
more like a city than a bank. There needs to be some fundamental
change in the way enterprises think about their firewalls."

The problem, experts say, is not in the firewall technology
itself, but in the way the firewalls are administered. In most
companies, firewall administrators have a wide variety of other
responsibilities, and they simply don't have the time or
information they need to set all of the rules properly.

"About 95 percent of firewall issues are configuration errors,
not vulnerabilities in the firewalls themselves," says Nimrod
Reichenberg, vice president of marketing at AlgoSec, which makes
tools for firewall configuration and change management. "Most of
the issues are caused by human error."

Mike Rothman, an analyst at security consulting firm Securosis,
agrees. "Most of the issues with firewalls relate to the user
opening something they shouldn't," he says. "This could be because
a user asks for a port to be opened, and the admin doesn't realize
what the impact of that is. Or it could involve adding [or
removing] a rule, which obviates more stringent controls lower in
the rule base. The bad guys are constantly doing reconnaissance to
figure out which ports and protocols are open, and then attacking
them. So if a perimeter firewall is inadvertently opened, there is
a pretty high likelihood the issue will be discovered and exploited
quickly."
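The two failure modes described above, an "allow any to any" rule dropped into the middle of a policy and a permissive rule that obviates stricter controls lower in the rule base, are both detectable by inspecting the rule base rather than the firewall itself. The Python below is an added example, not code from the article or from any of the vendors quoted in it; the rule format, the field names and the sample policy are constructed simplifications (first match wins, rules evaluated top to bottom) and do not follow any vendor's syntax.

```python
"""Added example: a small firewall rule-base linter.

It flags two misconfigurations: an "allow any to any" rule, and earlier
rules that shadow (make unreachable) stricter rules lower in the policy.
The rule format is a constructed simplification, not any vendor's syntax.
"""
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str  # "allow" or "deny"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"
    proto: str   # "tcp", "udp" or "any"
    port: str    # destination port number or "any"


def _field_covers(outer: str, inner: str, is_net: bool) -> bool:
    """True if every value matched by `inner` is also matched by `outer`."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    if is_net:
        return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))
    return outer == inner


def covers(outer: Rule, inner: Rule) -> bool:
    """True if `outer` matches every packet that `inner` matches, so no packet
    can ever reach `inner` when `outer` sits above it in the policy."""
    return (
        _field_covers(outer.src, inner.src, True)
        and _field_covers(outer.dst, inner.dst, True)
        and _field_covers(outer.proto, inner.proto, False)
        and _field_covers(outer.port, inner.port, False)
    )


def is_any_any_allow(rule: Rule) -> bool:
    """An allow rule with every field wide open."""
    return rule.action == "allow" and all(
        f == ANY for f in (rule.src, rule.dst, rule.proto, rule.port))


def find_any_any_allows(rules):
    """Names of rules that permit all traffic in every field."""
    return [r.name for r in rules if is_any_any_allow(r)]


def find_shadowed(rules):
    """(earlier, later, dangerous) for every later rule fully covered by an
    earlier one.  `dangerous` marks the case the article warns about: an
    earlier allow silently overriding a stricter deny below it."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                dangerous = earlier.action == "allow" and later.action == "deny"
                findings.append((earlier.name, later.name, dangerous))
    return findings


# Constructed sample policy; list order is evaluation order (first match wins).
SAMPLE_RULES = [
    Rule("r1", "deny",  ANY,              "10.0.0.0/8",  "tcp", "23"),   # block telnet
    Rule("r2", "allow", "10.1.0.0/16",    "10.2.0.0/16", "tcp", "443"),
    Rule("r3", "allow", ANY,              ANY,           ANY,   ANY),    # the "any to any" rule
    Rule("r4", "deny",  ANY,              "10.2.0.0/16", "tcp", "22"),   # never reached: r3 is above
    Rule("r5", "deny",  "192.168.0.0/16", ANY,           ANY,   ANY),    # never reached: r3 is above
    Rule("r6", "allow", "10.1.0.0/16",    "10.2.0.0/16", "tcp", "443"),  # duplicate of r2, dead rule
]


if __name__ == "__main__":
    print("allow-any-to-any rules:", find_any_any_allows(SAMPLE_RULES))
    for earlier, later, dangerous in find_shadowed(SAMPLE_RULES):
        flag = "DANGEROUS" if dangerous else "dead rule"
        print(f"{later} is shadowed by {earlier} ({flag})")
```

Run against the sample policy it reports r3 as the open rule and shows r4 and r5 as denies that can never fire because r3 sits above them; r6 is reported only as a dead duplicate of r2. The same check, run on every proposed change before it is applied, is the structured change-control step the article says most administrators skip: a new rule is rejected when it would cover an existing deny below it.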