Answer

Firewall network security: Thwarting sophisticated attacks

What are the most sophisticated attacks a firewall can repel by preventing or blocking traffic?

    Requires Free Membership to View

It’s important to understand the role firewall network security plays with respect to information security controls.  I would encourage enterprise security pros to think of a firewall as one layer in a set of defenses that comprise a defense-in-depth strategy, rather than as a standalone defense that protects against a specific set of attacks.  The reality is many potential attacks are thwarted because of the interaction of a series of defenses rather than a single control.

The basic function of firewall network security is to control the traffic passing between two networks and block any undesired traffic.  This is often expressed in the philosophy, “block anything that is not explicitly allowed.”  A firewall is like a gatekeeper, watching the network and inspecting each packet to ensure it meets network security policy before it is allowed to pass.

In serving this basic role, firewalls prevent many simple attacks from succeeding.  They can easily block reconnaissance attacks, such as port sweeps or IP scanning.  They also restrict remote access to workstations and servers in enterprise environments, in addition to providing a degree of isolation between a network and the Internet at large. This set up can be thought of as a fence that separates a network from the outside world.

Modern firewalls also incorporate and integrate with other security controls to provide an added level of defense.  These include intrusion detection and prevention systems, application-layer scanning, and other advanced defenses that monitor for and block sophisticated attack attempts.

However, firewalls will never protect a network against an insider attack. For example, a firewall placed at the perimeter of a network is not capable of protecting against an attack waged on an internal server by an employee.  Similarly, if a firewall is used to segment the data center network from the corporate intranet, that firewall will be unable to prevent more sophisticated attacks like a server-to-server attack. This underscores the importance of a layered defense; an in-depth approach that includes both host-based controls, such as host firewalls and access control systems, in addition to network-based controls.

This was first published in December 2011

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: