
List:       isn
Subject:    [ISN] Firewalls stand the heat
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-09-24 21:41:48

http://www.computerworld.com/home/features.nsf/All/980907rc2

Firewalls stand the heat  
Behind the scenes
By Gary H. Anthes

Review Center, Sept. 7, 1998

The three attack teams used a wide variety of
methods, including commercially available and proprietary tools that scan
for security vulnerabilities, hacker tools that exploit flaws and manual
methods. The sophistication of these tools has grown rapidly during the
past few years, making it a challenge for firewall vendors to stay a step
ahead. For example, Internet Security Systems, Inc.'s (ISS) scanner now
checks for some 340 security flaws. 

Federal Computer Week test center director Andreas Uiterwijk installed
ISS's RealSecure intrusion detection software to monitor the attack teams'
activities. It detailed denial-of-service attacks and intrusion attempts
by type and also identified the IP addresses that the attacks came from.
He strongly recommends its use and says it provides a more comprehensive
audit trail of hacking attempts than the logs produced by the firewalls
themselves. 

He says the number and variety of penetration attempts and
denial-of-service attacks detected by the ISS monitor was "truly amazing." 

And it did not, of course, include any new or esoteric hacks not yet
programmed into the intrusion detection product. 

Uiterwijk worries that given enough time and effort, one or more of the
teams eventually would have broken into internal systems. 

Organizations with particularly sensitive data should isolate it on
systems with no connection of any kind to a public network, he says. 

He also recommends that companies with high security demands enlist the
aid of friendly hacker/consultants to examine their systems for
vulnerabilities. 

Methodology

The Computerworld/Federal Computer Week test was conducted against the
objections of some major firewall vendors and the International Computer
Security Association (ICSA), which works with vendors to test their
firewalls. Four vendors agreed to participate, but eight others refused to
provide their products. Some nonparticipating vendors said their newest
products weren't ready for testing. Most others, and the ICSA, said the
tests glorified hacking. 

The four firewalls were installed, one at a time for one week each, on a
Hewlett-Packard Co. Vectra VL computer running Windows NT 4.0 at Federal
Computer Week's test facility in Falls Church, Va. 

Behind the firewall was a LAN consisting of four client workstations and a
Dell Computer Corp. PowerEdge server running Windows NT. The server ran
three network services and held two files for the attack teams to seek. 

Other than the network address to attack, the teams were given no
information about the environment. 

Each firewall was the standard, out-of-the-box model without options,
vendor tweaks or modifications, says Andreas Uiterwijk, director of the
test center. And each was installed strictly in accordance with product
documentation. 

For example, all the vendors recommended in their documentation the use of
Microsoft Corp.'s latest service pack — in this case Service Pack 3, which
contains security features and fixes up to May 13, 1997. However, only one
vendor's documentation also recommended installing all security patches
released by Microsoft since Service Pack 3. 

Each of the firewalls employed the conservative approach recommended by
experts in which all services are blocked except those specifically
enabled by the customer. 

Each vendor checked out the test center's installation but made no changes
to it, and each provided a small amount of user training. 

-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

