An entire security solution is needed, say hackers
Hackers call on the IT community to abandon the "single firewall" model of network security and implement multiple lines of defence
An audience of several hundred network security professionals watched with rapt attention last week as a trio of hackers repeatedly penetrated one of the industry's most trusted and popular firewall product –Checkpoint Software's Firewall-1.
The demonstration, presented at the "Black Hat" security conference in Las Vegas, challenged the widely accepted notion that firewalls are largely immune to direct attack. The panel--John McDonald and Thomas Lopatic of German security firm Data Protect GmbH and Dug Song of the University of Michigan--identified three general categories of firewall attacks. They began by demonstrating a number of relatively simple techniques by which an attacker could impersonate an authorized administrator, and thus gain access to the firewall application itself. A second type of attack tricked the firewall into believing an unauthorized Internet connection was actually an authorized virtual private network connection. Finally, the panel exploited a number of errors in the process used to examine traffic passing through the firewall to sneak in dangerous commands.
While their presentation focussed on a single commercial firewall product, panel members repeatedly emphasized that most firewalls are vulnerable to the types of attacks demonstrated. "The problem is not just with [Firewall-1]," said Song. "The real problem is the blind trust most people place in their firewalls."
Greg Smith, Checkpoint's director of product marketing for Firewall-1, pointed out that many of the attacks demonstrated relied on improper firewall configuration, and he asserted that they presented little practical threat. "Not a single customer has reported a problem with any of these issues."
While Checkpoint issues service pack to address vulnerabilities, hackers warn against placing too much faith in firewalls. Nevertheless, Checkpoint worked with McDonald, Lopatic and Song in developing defenses against the attacks, which they released as part of Firewall-1 Service Pack 2 immediately following the demonstration. Checkpoint emphasized that the service pack should prevent all of the attacks discussed, even those dependant on mis-configuration.
The panel also recommended a number of additional steps for "hardening" firewalls, including use of strong authentication protocols, "anti-spoofing" mechanisms and highly restrictive access rules. At the
Source: zdnetnews.com 2 August 00.
By David Raikow Sm@rt Partner
Please feel free to email us - firstname.lastname@example.org
Site designed by Cipher-IT Ltd