Does a firewall protect against application attacks?
I have a stateful inspection firewall protecting our network. There are some "one-to-one" NAT settings, so we can send and receive e-mail. Are we still vulnerable to application attacks (like the Windows OS vulnerabilities) if we have a firewall? Is there something else we can do to protect ourselves?
Firewalls do not stop everything. There are some Windows vulnerabilities
that can be exploited by malicious Web sites. If a user visits that site, they are "had." Since your firewall probably allows users to surf the Internet and allows Internet responses to come back through, those attacks sail right through the firewall. Other exploits come in via e-mail, typically in attachments that users open without thinking about where they came from.
Some things you can do are:
Ensure that your firewall settings are correct. The default settings are typically not what you need.
Consider disabling Active-X and Java in your browsers. While
this can stop some malicious sites from attacking, it can also limit your functionality. Perhaps you can add sites that you need to use Active-X or Java to your Trusted Sites Zone (in Internet Explorer you can put sites into different zones) and allow the use of those tools in the Trusted Sites Zone, but not the generic Internet Zone.
Limit what types of attachments are allowed to pass through your firewall.
Have antivirus software both on the desktops and the e-mail server, and ensure that they are updated regularly.
Monitor the Web sites of all your software vendors and ensure that your
patches are kept up to date.
Continue to read SearchSecurity.com and other security sites to be
among the first to learn of new exploits and how to prevent them.
For more info on this topic, visit these SearchSecurity.com resources:
Best Web Links: Infrastructure and network security
Featured Topic: Firewall evolution
This was first published in December 2003