Flaws in the concept of a firewall

I am studying security critical systems, and it has been posed to me that there are flaws in the concept of a firewall. It has also been inferred that some aspects of firewalls violate the fundamental design principles of high integrity systems. These principles are given to me as "hazard removal, risk reduction and hazard control".

My own thoughts are that I disagree. The person who posed the question, however, obviously feels that this is the case. Since I disagree, I am struggling to come up with answers.

The best "flaw" I can come up with is that firewalls can block valid traffic (through misconfiguration). Possibly also that with the firewall login details, the firewall administration system could be accessed externally and compromise the network.

As far as "violating" the design principles? I also feel that they don't. To me, firewalls reinforce the design principles e.g. hazard removal - they block unwanted access to systems. Risk reduction - they reduce the risk of the unauthorised access hazard occurring. Also, hazard control - I suppose firewalls don't really do anything to reduce the damage once unauthorised access has been gained but this hardly constitutes a "violation" of the principle.

Do you have any suggestions as to what I'm missing? Or what my supervisor is getting at with the question?

Thanks in advance.

Reply to
Brian

I have no idea what he is getting at.. maybe you should ask him for examples?

Flamer.

Reply to
die.spam

I stole this from somewhere with a funky URL... "High-Integrity systems are complex, software controlled systems, which, in the event of failure, have a high impact on humans, the environment, organizations and society. They come in two flavors:

- Safety critical systems (SCS) have a direct influence on the lives and health of humans and the environment. Examples can be found in all industrial areas, e.g. aerospace, automotive, railway and marine systems, power generation, medical technology, SCADA etc.

- Mission critical systems (MCS) possess a high criticality with respect to the functioning of an organization, e.g. ERP, CRM."

Ok, with that out of the way... your friend likes to hear himself talk, so he throws $4 words around in a 50cent conversation, just to impress people or to look smart... Here's my thought, challenge him, ask him what was the last high integrity system he controlled, and then ask him if he thinks a bank is a HIS, or maybe a nuclear facility like ORNL, or TVA... IMO, yes they are.. they have a direct impact on the public....

That being said...your friend does have an idea, he is just conveying it incorrectly... the only flaw a firewall has is the human factor... humans set it up, so it's flawed... Other than that, any hardware firewall has flaws... because it's dependent on outside intelligence... it's a dumb box... it's presented with a 'question' it compares it to a 'rule' and then it's just a static answer, yes or no....

This could be a real cool discussion... anyone else want to chime in on this? Thanks for bringing it up...

RedForeman

Reply to
RedForeman

You forgot another principle: "Keep It Simple, Stupid". A lot of errors occur as a result of being overly complex and tripping over your own feet. See the articles in the Risks Digest (a digest of articles published by the "ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS").

Then ask this person for concrete examples.

"valid traffic" by whose definition? This may or may not be a function of misconfiguration. The average user thinks that a firewall should block the bad stuff - allowing everything else. The problem with that is that you are always playing "catch up" - discovering (after you've been screwed) that "this is bad and should be blocked". A more prudent method is to block BY DEFAULT, and only allow that which is needed. The problem then becomes defining "what is needed" and therefore has to be allowed (and perhaps "allowed from/to where"). Usually, this "what can be allowed" list is simpler than the "bad stuff" list.

The firewall administrator who allows ANY external access (and often internal access) except from "trusted" locations/devices using strong authentication mechanisms to the firewall is too stupid to be allowed to breathe, and should be reassigned to less demanding tasks like counting raindrops in Southern Algeria.

Old guy

Reply to
Moe Trin
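The default-deny argument in the post above, RedForeman's description of the firewall as a box that compares a 'question' to a 'rule' and gives a static yes or no, and Brian's worry that a firewall can block valid traffic can all be seen in one small rule evaluator. This is an added example written for this thread, not code from any of the posters; the addresses (RFC 5737 and RFC 1918 ranges), ports, rule lists and sample flows are all constructed. It runs the same six flows through a block-the-known-bad posture and an allow-only-what-is-needed posture and returns both verdicts side by side.

```python
"""Two firewall postures evaluated over the same constructed traffic.

Added example for the default-deny discussion; every address, port and rule
here is constructed, not taken from any poster or real deployment.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR the source must fall in
    dst: str = "0.0.0.0/0"          # CIDR the destination must fall in
    dport: Optional[int] = None     # None matches any port
    proto: Optional[str] = None     # None matches any protocol

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in ip_network(self.src)
                and ip_address(flow.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == flow.dport)
                and (self.proto is None or self.proto == flow.proto))


def evaluate(rules: List[Rule], default: str, flow: Flow) -> str:
    """First-match evaluation: the box compares the flow against each rule
    in order and returns the first static yes/no; the default answers when
    no rule matches. Nothing here understands the traffic, only the rules."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action
    return default


# Constructed network: no real hosts.
INTERNAL = "10.0.0.0/8"
FIREWALL_MGMT = "10.0.0.1/32"       # the firewall's own management address
ADMIN_HOST = "10.0.0.5/32"          # the one trusted administration workstation
DMZ_WEB = "192.0.2.10/32"           # public web server

# Posture A: block the "bad stuff" you already know about, allow the rest.
BLOCKLIST = [
    Rule("deny", dport=23),         # cleartext telnet
    Rule("deny", dport=445),        # SMB from anywhere
]

# Posture B: allow only what is needed, from where it is needed, deny the rest.
ALLOWLIST = [
    Rule("allow", dst=DMZ_WEB, dport=443),                       # public HTTPS
    Rule("allow", src=INTERNAL, dport=443),                      # internal users browsing out
    Rule("allow", src=ADMIN_HOST, dst=FIREWALL_MGMT, dport=22),  # firewall admin, trusted host only
]


def compare(flow: Flow) -> Tuple[str, str]:
    """Verdict of the default-allow posture and of the default-deny posture."""
    return (evaluate(BLOCKLIST, "allow", flow), evaluate(ALLOWLIST, "deny", flow))


# Constructed traffic, including a port neither list anticipated (4444) and a
# legitimate new internal service (8443) that nobody has added to the allowlist yet.
SAMPLE_FLOWS = [
    ("public HTTPS to the web server",        Flow("198.51.100.7", "192.0.2.10", 443)),
    ("telnet to the web server",              Flow("198.51.100.7", "192.0.2.10", 23)),
    ("unexpected inbound port on web server", Flow("198.51.100.7", "192.0.2.10", 4444)),
    ("SSH to firewall mgmt from outside",     Flow("198.51.100.7", "10.0.0.1", 22)),
    ("SSH to firewall mgmt from admin host",  Flow("10.0.0.5", "10.0.0.1", 22)),
    ("new internal service not yet listed",   Flow("10.0.0.20", "10.0.0.30", 8443)),
]


def run_demo() -> List[Tuple[str, str, str]]:
    results = [(label, *compare(flow)) for label, flow in SAMPLE_FLOWS]
    print(f"{'traffic':42} {'default-allow':14} default-deny")
    for label, a, b in results:
        print(f"{label:42} {a:14} {b}")
    return results


if __name__ == "__main__":
    run_demo()
```

The two rows worth reading are the unexpected port 4444 and the external SSH to the management address: the blocklist posture passes both because nobody had yet written a rule saying they were bad, which is the "catch up" problem, while the allowlist posture denies them without knowing anything about them. The price of the allowlist shows in the last row: the new internal service on 8443 is denied until someone adds it, which is exactly the "blocks valid traffic" case from the original question and the "what is needed" maintenance burden from the answer.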
