http://www.computerworld.com/home/features.nsf/All/980907rc2

Firewalls stand the heat

Behind the scenes

By Gary H. Anthes
Review Center, Sept. 7, 1998

The three attack teams used a wide variety of methods, including commercially available and proprietary tools that scan for security vulnerabilities, hacker tools that exploit flaws and manual methods. The sophistication of these tools has grown rapidly during the past few years, making it a challenge for firewall vendors to stay a step ahead. For example, Internet Security Systems, Inc.'s (ISS) scanner now checks for some 340 security flaws.

Federal Computer Week test center director Andreas Uiterwijk installed ISS's RealSecure intrusion detection software to monitor the attack teams' activities. It detailed denial-of-service attacks and intrusion attempts by type and also identified the IP addresses that the attacks came from. He strongly recommends its use and says it provides a more comprehensive audit trail of hacking attempts than the logs produced by the firewalls themselves.

He says the number and variety of penetration attempts and denial-of-service attacks detected by the ISS monitor was "truly amazing."

And it did not, of course, include any new or esoteric hacks not yet programmed into the intrusion detection product.

Uiterwijk worries that given enough time and effort, one or more of the teams eventually would have broken in to internal systems.

Organizations with particularly sensitive data should isolate it on systems with no connection of any kind to a public network, he says.

He also recommends that companies with high security demands enlist the aid of friendly hacker/consultants to examine their systems for vulnerabilities.

Methodology

The Computerworld/Federal Computer Week test was conducted against the objections of some major firewall vendors and the International Computer Security Association (ICSA), which works with vendors to test their firewalls. Four vendors agreed to participate, but eight others refused to provide their products. Some nonparticipating vendors said their newest products weren't ready for testing. Most others, and the ICSA, said the tests glorified hacking.

The four firewalls were installed, one at a time for one week each, on a Hewlett-Packard Co. Vectra VL computer running Windows NT 4.0 at Federal Computer Week's test facility in Falls Church, Va.

Behind the firewall was a LAN consisting of four client workstations and a Dell Computer Corp. PowerEdge server running Windows NT. The server ran three network services and held two files for the attack teams to seek.

Other than the network address to attack, the teams were given no information about the environment.

Each firewall was the standard, out-of-the-box model without options, vendor tweaks or modifications, says Andreas Uiterwijk, director of the test center. And each was installed strictly in accordance with product documentation.

For example, all the vendors recommended in their documentation the use of Microsoft Corp.'s latest service pack, in this case Service Pack 3, which contains security features and fixes up to May 13, 1997. However, only one vendor's documentation also recommended installing all security patches released by Microsoft since Service Pack 3.

Each of the firewalls employed the conservative approach recommended by experts in which all services are blocked except those specifically enabled by the customer.

Each vendor checked out the test center's installation but made no changes to it, and each provided a small amount of user training.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:05:40 PDT