Firewalls and Security, Are They Important to YOUR Company?
Oct 22, 2000, 19:13 (0 Talkback[s])
(Other stories by Kelvin Koh)
Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame
[ The opinions expressed by authors on Linux Today are their
own. They speak only for themselves and not for Linux Today or
By Kelvin Koh
"We have a $100,000 firewall that can deny all crackers." Yeah
right. Does it sound familiar to you? Probably.
Businesses of all sorts, from book retailers to banks are
rushing to get on the Internet. Many companies have spent huge sums
of dollars to put up pretty pages, marketing campaigns. However,
there is little effort invested in protecting their new age gems. I
have encountered several companies with big web businesses who
failed to install a single firewall in their premises. After
several days and weeks or persuasion, some heeded my advice to
install firewalls, while some remained complacent about their
'armoured servers from ABC vendor'.
All security implementations are about striking an appropriate
balance between usability and security. Increased security means
decreased usability. For those who are somewhat protected by a
well-configured firewall, good for you. But it may not be enough.
I'll show you 3 scenarios where firewalls are not very helpful.
A company places a web application server behind a
packet-filtering firewall, with rules literally denying all packets
except those with a match of remote port 80. While web traffic can
pass through, the network firewall is unable to determine whether
the source packets are from a cracker's box, thus application
security comes into picture. Web programs written without
undergoing proper security audit, such as CGI forms on a UNIX host
which accepts backticks (``) for processing in situations where
only numbers are needed, are quite likely to be vulnerable to CGI
According to an unnamed source, there is a higher probability of
security breaches originating from within the company than from an
external force. Corporate executives often store sensitive data in
their office computers without proper encryption. Emails too,
remain plain text in their email clients. A jealous or abusive
colleague with 24x7 access to the office premises may return at odd
hours to peep into another staff's computer. Should the company
have enforced a more sophisicated physical access list based on
time and staffs' position, such cracking attempt can be prevented.
Users who wish to protect sensitive information should turn to
GnuPG, an opensource
alternative to PGP from NAI.
In recent months, malicious computer viruses are spreading
rapidly and causing damage to computers all around the world. By
following a computer security bulletin board, you will notice many
of these viruses are placed as attachments in emails clothed with
an innocent outlook. To reduce the risks of transmission through
this popular channel, email gateways should execute virus scanning
to verify the email's integrity before any user can proceed to
download it. If your MTA cannot accept virus scanning plug-ins,
it's time to look around.
Firewalls, though unable to ensure 100% security, is highly
important. It serves as the front layer of security. A layered
security approach should be put in use to achieve a higher level of
"Firewalls are not important for old-economoy business..." -
I beg to differ (no intent of offence to my friend), how do you
define old economy business? Any business which has a
private or public computer network should enforce security
policies, audits, etc, to ensure the integrity of their data. Some
say banks are old economy. It will be disastrous if they
do not have firewalls as part of their information security
Kelvin Koh, 22 Oct 2000.
Comments, thoughts, flames? Email me at firstname.lastname@example.org.
- LinuxWorld: Installing a firewall, Part 2 - Tips for configuring secure, lean mail and network services(Oct 18, 2000)
- LinuxWorld: Installing a firewall, Part 1(Oct 11, 2000)
- LinuxWorld: Linux firewall survey, Part 1: Open source product roundup(Oct 10, 2000)
- Linux Journal: A Few Recipes for Easier Firewalls(Sep 17, 2000)
- Security Portal: Firewalls: What To Block(Sep 13, 2000)
- Security Portal: Firewalls - Common Configuration Problems(Sep 06, 2000)
- Security Portal: Firewalls - Overview(Aug 24, 2000)
- O'Reilly Network: 12 Tips on Building Firewalls(Jul 29, 2000)
- O'Reilly Network: Securing Your Home Network With the Edge Firewall(Jun 11, 2000)
- BSD Today: Running a BSD-based Firewall(May 29, 2000)
- SecurityFocus: Building a Linux Bunker: Basic Firewalling(May 09, 2000)
- RootPrompt.org: Auditing Your Firewall Setup(Apr 10, 2000)
- GBdirect: Firewalling with Linux(Apr 09, 2000)
- Linux Firewall and Security Site: Configuring an Internet Firewall and Home LAN With Linux(Apr 09, 2000)
- ZDNet: Linux Firewall On A 486: A Guard-Penguin For Your DSL Or Cable Modem... [Linux Router Proj.](Apr 05, 2000)
- Linux Journal: Transparent Firewalling(Oct 24, 1999)
- Linux.com: Deploying a Linux Firewall(Oct 09, 1999)