Firewalls - Printable Version +- Accountancy Forum (https://www.accountancy.com.pk/forum) +-- Forum: The Profession (https://www.accountancy.com.pk/forum/forum-the-profession) +--- Forum: Technology (https://www.accountancy.com.pk/forum/forum-technology) +--- Thread: Firewalls (/thread-firewalls) |
Firewalls - Ali Akbar - 02-26-2005 AOA To secure networks firwall is a famous technology used by many organizations. Firewalls have some properties and it offer some benefits too. What can be the possible risks associated with the implementation of firewalls. At least four risks. I know two of them i.e i)Technological obsolecense ii)Danger of not receiving important data which cant be passed through firewall. So I m looking for at least 2 more risks. ICAP is the best - Desert Sleet - 02-27-2005 There are now numerous amounts of firewalls available in today's market with a wide array of speeds, strengths and weaknesses. The limitations are based on an engineers ability to decern the needs of the client and or model and provide the correct product choice, followed by proper deployment, configuration and management. Without proper implementation, maintenance and follow-up no firewall is invincible. <b>Defense against exploitation of security holes </b> Firewall can allow or deny access to your computer or from your computer according to the type of communication, its source and destination, and according to the question which program on your computer is handling the communication. Yet, its ability to understand the details of the communication is very limited. For example, you may set the firewall to allow or to deny your e-mail program from getting and/or sending messages. It may allow or deny your web browser from browsing the Internet. But if you allowed your e-mail program to communicate with the e-mail servers for sending and receiving messages, (and you are likely to allow it if you want to use your e-mail program), or if you set the firewall to allow your web browser to communicate with web sites, the firewall will not be able to understand the content of the communication much further, and if your web browser has a security hole, and some remote site will try to exploit it, your firewall will not be able to make a distinction between the communication that exploits the security hole, and legitimate communication. The same principle goes with e-mail program. A personal firewall may block you from receiving or sending e-mail messages, but if you allowed it to receive messages, the personal firewall will not make a distinction between a legitimate message and a non-legitimate one (such as a one that carries a virus or a Trojan horse). Security holes in legitimate programs can be exploited and a personal firewall can do practically nothing about it. <b>Tricks to bypass or disable personal firewalls </b> There are also various ways to disable, or bypass firewalls. During the time a few tricks to bypass or disable were demonstrated by various programs. Especially, tricks for an internal program to communicate with the outside bypassing or tricking the firewall. For some of them such as the one demonstrated by the Leaktest, and in which a non-legitimate program disguises itself as Internet Explorer, practically today, all personal firewalls are immuned. For other tricks, such as a one demonstrated by Outbound, which uses some non-standard type of communication directly to the network adapters bypassing the components of the operating system which are suppose to deal with Internet communication, and by that bypassing the firewall, are only now being patched against by the various firewalls, and yet other methods, such as the one demonstrated by Tooleaky, which uses Internet Explorer as a messenger to communicate with the outside, and is thus identified as a mere legitimate browsing, are still waiting for most of the firewall to find a fix. <b>Firewalls cannot decide for you what is a legitimate communication and what is not </b> One of the main problems with personal firewalls, is that you cannot simply install them and forget them, counting on them to do their job. They can deny or permit various types of communications according to some criteria, but what is this criteria, and who decides what is the criteria for whether they should permit or deny some communication? The answer, is that it is the computer user's job to define the exact criteria when the firewall should allow a communication and when it should block it. The firewall may make it easier for you, but it should not take the decisions. There are too many programs, too many versions, and it is not possible for the firewall to decide accurately when a communication is legitimate and when it is not. One person might think that it is legitimate for some program to deliver some information to the outside in order to get some service, while another will think that it is not. One version of a program might communicate with its home server in order to check whether there is an upgrade, and another version might also install the upgrade even if you do not wish. Some firewalls will try to identify communication efforts which are largely considered as legitimate, and will let you the information so that it will be easier for you to decide whether such should be allowed. Others will suffice with more basic information, making no suggestions (and thus - no incorrect recommendations). One way or another, once you installed a firewall, you will have better means to understand what types of communications are running on your computer, but you will also have to understand them in order to be able to configure your firewall so that it will correctly know which communications to allow and which to block. --------------------------------------------- If I could... Then I would... Turn back time!! - Ali Akbar - 02-27-2005 SO Mr.Desert what about my another question, i.e of White Box Testing, do u know about it? ICAP is the best. - bilal azhar - 02-27-2005 some of the other limitations that firewalls have are 1. provide no data integrity.it is not feasible to check all incoming traffic. 2. provide little confidentiality. 3. cannot provide guarantee from outside attacks. bilal |