Firewalls are 'no silver bullet'

Edward Hurley, Assistant News Editor

While viruses and denial-of-service attacks remain constant, hybrid threats such as Nimda are now the most significant online threat to companies, according to a recent report.


A hybrid threat like Nimda spreads in multiple ways, including as an e-mail attachment and by exploiting vulnerabilities in Web servers. Such threats are especially dangerous to companies that have adopted the crustacean approach to security, namely a hard outside but a soft inside. Security requires a layered defense. "Some people think having a firewall is a silver bullet," said Dennis Treece, director of Internet Security Systems' X-Force Special Operations Group. "It isn't."

ISS collected attack data from 350 customers from Dec. 22 to March 21. In other words, the sampling serves as a kind of Dow Jones index for security threats. The company found an average of 4,500 Nimda attacks per hour. "It is not going away," Treece said.

ISS attributes some of the Nimda activity to the increase in home and small office use of DSL and cable modems. A lot of the attacks seem to be coming from the large commercial ISPs. Home and small office users usually don't have a lot of knowledge of security. They can be infected and not know it, Treece said.

Companies need to make sure internal systems (including laptops) are patched. Internal firewalls are also important. There are also ways to block attacks when they are detected in one part of the network. Proper tracking and logging is a good way to know where infections come from, Treece said.

Yet all the preceding suggestions require staff time, something that a lot of companies may not have the resources for, Treece said. Just having firewalls in place isn't good enough. They need to be properly configured in the right spots, he added.

ISS found that about 70% of attacks focus on port 80, which is used by most HTTP Internet traffic. Most companies leave that port open. However, companies should consider whether they want to let "everyone in the world into their network," Treece said.

"You need to look at your firewall policies. Why are you letting people into your network?" Treece asked. A solution would be to restrict port 80, but leave port 25 open so people can send e-mail requesting access to the port, he said.

