[ISN] Firewalls stand the heat

From: mea culpa (jerichoat_private)
Date: Thu Sep 24 1998 - 14:41:48 PDT


    
    
    http://www.computerworld.com/home/features.nsf/All/980907rc2
    
    Firewalls stand the heat
    Behind the scenes
    By Gary H. Anthes
    
    Review Center, Sept. 7, 1998

    The three attack teams used a wide variety of
    methods, including commercially available and proprietary tools that scan
    for security vulnerabilities, hacker tools that exploit flaws and manual
    methods. The sophistication of these tools has grown rapidly during the
    past few years, making it a challenge for firewall vendors to stay a step
    ahead. For example, Internet Security Systems, Inc.'s (ISS) scanner now
    checks for some 340 security flaws.
    
    Federal Computer Week test center director Andreas Uiterwijk installed
    ISS's RealSecure intrusion detection software to monitor the attack teams'
    activities. It detailed denial-of-service attacks and intrusion attempts
    by type and also identified the IP addresses that the attacks came from.
    He strongly recommends its use and says it provides a more comprehensive
    audit trail of hacking attempts than the logs produced by the firewalls
    themselves.
    
    He says the number and variety of penetration attempts and
    denial-of-service attacks detected by the ISS monitor was "truly amazing."
    
    And it did not, of course, include any new or esoteric hacks not yet
    programmed into the intrusion detection product.
    
    Uiterwijk worries that given enough time and effort, one or more of the
    teams eventually would have broken in to internal systems.
    
    Organizations with particularly sensitive data should isolate it on
    systems with no connection of any kind to a public network, he says.
    
    He also recommends that companies with high security demands enlist the
    aid of friendly hacker/consultants to examine their systems for
    vulnerabilities.
    
    Methodology
    
    The Computerworld/Federal Computer Week test was conducted against the
    objections of some major firewall vendors and the International Computer
    Security Association (ICSA), which works with vendors to test their
    firewalls. Four vendors agreed to participate, but eight others refused to
    provide their products. Some nonparticipating vendors said their newest
    products weren't ready for testing. Most others, and the ICSA, said the
    tests glorified hacking.
    
    The four firewalls were installed, one at a time for one week each, on a
    Hewlett-Packard Co. Vectra VL computer running Windows NT 4.0 at Federal
    Computer Week's test facility in Falls Church, Va.
    
    Behind the firewall was a LAN consisting of four client workstations and a
    Dell Computer Corp. PowerEdge server running Windows NT. The server ran
    three network services and held two files for the attack teams to seek.
    
    Other than the network address to attack, the teams were given no
    information about the environment.
    
    Each firewall was the standard, out-of-the-box model without options,
    vendor tweaks or modifications, says Andreas Uiterwijk, director of the
    test center. And each was installed strictly in accordance with product
    documentation.
    
    For example, all the vendors recommended in their documentation the use of
    Microsoft Corp.'s latest service pack -- in this case Service Pack 3, which
    contains security features and fixes up to May 13, 1997. However, only one
    vendor's documentation also recommended installing all security patches
    released by Microsoft since Service Pack 3.
    
    Each of the firewalls employed the conservative approach recommended by
    experts in which all services are blocked except those specifically
    enabled by the customer.
    
    Each vendor checked out the test center's installation but made no changes
    to it, and each provided a small amount of user training.
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:40 PDT