Firewalls are 'no silver bullet'

Edward Hurley, Assistant News Editor

While viruses and denial-of-service attacks remain constant, hybrid threats such as Nimda are now the most significant online threat to companies, according to a recent report.

A hybrid threat like Nimda spreads in multiple ways, including as an e-mail attachment and by exploiting vulnerabilities in Web servers. Such threats are especially dangerous to companies that have adopted the crustacean approach to security: namely, a hard outside but a soft inside. Security requires a layered defense. "Some people think having a firewall is a silver bullet," said Dennis Treece, director of Internet Security Systems' X-Force Special Operations Group. "It isn't."

ISS collected attack data from 350 customers from Dec. 22 to March 21. In other words, the sampling represents a Dow Jones index for security threats. The company found an average of 4,500 Nimda attacks per hour. "It is not going away," Treece said.

ISS attributes some of the Nimda activity to the increase in home and small office use of DSL and cable modems. A lot of the attacks seem to be coming from the large commercial ISPs. Home and small office users usually don't have a lot of knowledge of security. They can be infected and not know it, Treece said.

Companies need to make sure internal systems (including laptops) are patched. Internal firewalls are also important. There are also ways to block attacks when they are detected in one part of the network. Proper tracking and logging is a good way to know where infections come from, Treece said.
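
One way to act on the logging advice above, as an added example that is not from the article or from ISS: a short Python triage of web-server access logs that counts Nimda-style probe requests per source and separates internal sources (already-infected machines behind the firewall) from external ones. The log lines are constructed, and the internal address ranges, the request pattern and the function name triage are assumptions to adapt.

```python
import ipaddress
import re
from collections import Counter

# Assumption: internal hosts live in the RFC 1918 ranges; replace with your own.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Nimda's web probes ask the server to run root.exe or cmd.exe with "/c+<command>".
NIMDA_PROBE = re.compile(r"(?:root|cmd)\.exe\?/c\+", re.IGNORECASE)

# Common Log Format: client ident user [time] "METHOD path protocol" ...
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)')

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.1.4.23 - - [02/Apr/2002:10:15:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 -',
    '10.1.4.23 - - [02/Apr/2002:10:15:02 -0500] '
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 -',
    '203.0.113.7 - - [02/Apr/2002:10:16:40 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 -',
    '192.168.2.9 - - [02/Apr/2002:10:17:05 -0500] "GET /index.html HTTP/1.1" 200 5120',
    'garbage line that is not in Common Log Format',
]

def triage(lines):
    """Count probe requests per source, split into internal and external."""
    hits = {"internal": Counter(), "external": Counter()}
    for line in lines:
        m = CLF.match(line)
        if not m or not NIMDA_PROBE.search(m.group(2)):
            continue  # unparseable line or an ordinary request
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client was logged as a hostname; not resolved here
        side = "internal" if any(src in net for net in INTERNAL_NETS) else "external"
        hits[side][str(src)] += 1
    return hits

if __name__ == "__main__":
    for side, counts in triage(SAMPLE_LOG).items():
        for src, n in counts.most_common():
            print(f"{side:8} {src:15} {n} probe request(s)")
```

An internal address in the output is a machine that is itself scanning and needs to be isolated and patched; external addresses only show where the perimeter is being probed.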

Yet all the preceding suggestions require staff time, something that a lot of companies may not have the resources for, Treece said. Just having firewalls in place isn't good enough. They need to be properly configured in the right spots, he added.

ISS found that about 70% of attacks focus on port 80, which is used by most HTTP Internet traffic. Most companies leave that port open. However, companies should consider whether they want to let "everyone in the world into their network," Treece said.

"You need to look at your firewall policies. Why are you letting people into your network?" Treece asked. A solution would be to restrict port 80, but leave port 25 open so people can send e-mail requesting access to the port, he said.