10 What can a firewall protect against?
Description
This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.
10 What can a firewall protect against?
Some firewalls permit only email traffic through them, thereby protecting
the network against any attacks other than attacks against the email
service. Other firewalls provide less strict protections, and block services
that are known to be problems.
Generally, firewalls are configured to protect against unauthenticated
interactive logins from the ``outside'' world. This, more than anything,
helps prevent vandals from logging into machines on your network. More
elaborate firewalls block traffic from the outside to the inside, but permit
users on the inside to communicate freely with the outside. The firewall can
protect you against any type of network-borne attack if you unplug it.
Firewalls are also important since they can provide a single ``choke point''
where security and audit can be imposed. Unlike in a situation where a
computer system is being attacked by someone dialing in with a modem, the
firewall can act as an effective ``phone tap'' and tracing tool. Firewalls
provide an important logging and auditing function; often they provide
summaries to the administrator about what kinds and amount of traffic passed
through it, how many attempts there were to break into it, etc.
This is an important point: providing this ``choke point'' can serve the
same purpose on your network as a guarded gate can for your site's physical
premises. That means anytime you have a change in ``zones'' or levels of
sensitivity, such a checkpoint is appropriate. A company rarely has only an
outside gate and no receptionist or security staff to check badges on the
way in. If there are layers of security on your site, it's reasonable to
expect layers of security on your network.
Continue to:
My Books
