Limitations of firewalls:
Until recently firewalls were considered sufficient to guard a network on their own. However, a firewall can only guard against the traffic that passes through it. Traffic that enters by another path, such as a remote user's dial-up connection to a remote access server (RAS), bypasses the firewall entirely. Moreover, firewalls have been developed with two things in mind: access control and protocol integrity. For anything beyond that they rely on application vendors to ship bug-free products and to provide Application Layer security themselves.
By access control we mean allowing or disallowing certain types of traffic, to or from specified IP addresses and to or from specified ports. For example, some organizations may not allow direct connectivity to certain ports, or may allow only secured connections. For protocol integrity, firewalls examine the packet headers to ascertain whether a protocol is being used in the way it was designed. For instance, there is no legitimate way for a TCP segment with the ACK flag set to arrive for a connection in which no SYN was ever seen; a stateful firewall drops such a segment because it matches no connection it is tracking.
The limitations of firewalls in general are as listed below:
- Very little or no effort is made to look in detail at the data contents (payload) of the packet.
- Firewalls do not protect against viruses: new viruses are continuously released and there are many ways of encoding binary files...
- They do not protect against threats that exploit flaws within the network services or applications the firewall permits through.
- They do not protect against malicious but authorized internal users, whose traffic is permitted by policy.
So are firewalls really able to secure the network?
The question here really should be “Are firewalls capable of protecting a network on their own?” The answer is “No”.
An analogy can be drawn between protecting a network and protecting a house. A firewall is like a bouncer who only lets guests through the front door with an invitation. It may also let certain uninvited visitors into the garage to pick up marketing material. However, the bouncer does not know whether a guest is harmful (for example, carries a virus) or benign; it checks the invitation, not the guest.
To some degree, the effectiveness of firewalls as access control devices has forced attackers to use methods that circumvent the firewall's controls. Nowadays, attacks target vulnerabilities in web applications (such as incorrectly handled variables, which pass attacker input on to application servers and databases) and client applications (such as Internet Explorer, Adobe Acrobat, Word, PowerPoint, etc.). Because these attacks travel over ports and protocols the firewall is configured to permit, firewalls are completely blind to them. Other technologies that are designed to examine application layer content, such as Intrusion Detection and Prevention, Web Application Firewalls, and Gateway Anti-Virus, are needed to counter these threats.
Recently, there has been an effort to add some amount of application layer protection to many popular firewalls. However, those efforts really amount to no more than a short list of signatures for obvious attacks, leaving the vast majority of application layer attacks unchallenged.
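The following toy stateful packet filter is an added example, not code from the original page. It implements the two things the text says firewalls were built for, access control (a port allow-list) and protocol integrity (tracking the TCP handshake so that an ACK with no prior SYN is dropped), and then shows the blind spot described above: once a connection to a permitted port is established, a request carrying an obvious SQL injection payload is passed through untouched, because the payload is never examined. The addresses, port policy and packet contents are constructed for the demonstration; the server's SYN/ACK reply is not modelled, only the inbound direction.

```python
"""Toy stateful packet filter (added example, not the page's own code).

Models the inbound side of a firewall: an access-control policy on
destination ports plus TCP connection state, and nothing else. The
"payload" field is carried along but never inspected, which is the
limitation the surrounding text describes.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass
class Packet:
    src: str            # source IP (constructed, documentation ranges)
    dst: str            # destination IP
    dport: int          # destination TCP port
    flags: Set[str]     # subset of {"SYN", "ACK", "FIN", "RST"}
    payload: bytes = b""


ConnKey = Tuple[str, str, int]


class StatefulFilter:
    """Access control + TCP state tracking; no payload inspection."""

    def __init__(self, allowed_ports: Iterable[int] = (80, 443)) -> None:
        # Policy (assumption for the example): only inbound TCP to
        # ports 80 and 443 may open new connections.
        self.allowed_ports = set(allowed_ports)
        self.half_open: Set[ConnKey] = set()     # SYN seen, ACK pending
        self.established: Set[ConnKey] = set()   # handshake completed

    def handle(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst, pkt.dport)

        # Established flow: everything passes, whatever the payload says.
        if key in self.established:
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                self.established.discard(key)
                return "ALLOW (connection closed)"
            return "ALLOW (established)"

        # Bare SYN: a new connection attempt, subject to the port policy.
        if pkt.flags == {"SYN"}:
            if pkt.dport not in self.allowed_ports:
                return "DROP (policy: port not permitted)"
            self.half_open.add(key)
            return "ALLOW (new connection)"

        # ACK completing a handshake we saw the SYN for.
        if "ACK" in pkt.flags and key in self.half_open:
            self.half_open.discard(key)
            self.established.add(key)
            return "ALLOW (handshake completed)"

        # Protocol integrity: ACK/FIN/RST for a flow with no SYN on record.
        return "DROP (protocol: no SYN seen for this flow)"


def run_filter(packets: Iterable[Packet]) -> List[str]:
    """Feed a packet sequence through a fresh filter; return the verdicts."""
    fw = StatefulFilter()
    return [fw.handle(p) for p in packets]


# Constructed sample traffic against a web server at 192.0.2.10.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "192.0.2.10", 80, {"SYN"}),
    Packet("203.0.113.7", "192.0.2.10", 80, {"ACK"}),
    # Same flow, now carrying a SQL injection attempt in the HTTP request.
    Packet("203.0.113.7", "192.0.2.10", 80, {"ACK"},
           b"GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1\r\n"),
    # Out-of-state ACK probe to SSH: no SYN was ever seen for this flow.
    Packet("198.51.100.9", "192.0.2.10", 22, {"ACK"}),
    # Plain connection attempt to SSH, refused by the port policy.
    Packet("198.51.100.9", "192.0.2.10", 22, {"SYN"}),
]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_TRAFFIC, run_filter(SAMPLE_TRAFFIC)):
        print(f"{pkt.src}:{pkt.dport} {sorted(pkt.flags)} -> {verdict}")
```

Running the block shows the two controls working as designed (the stray ACK and the SSH connection are dropped) while the third packet, the injection attempt, is allowed with the verdict "established": the firewall decided on headers and state alone. Detecting that request is the job of the application-layer technologies named in the text, not of the packet filter.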