The Firewall Illusion

Members of the ISP-Tech list discuss various levels of security for various customers. Whatever you do, don't rely on a firewall alone because all too often it's just an illusion.

On the ISP-Tech list in June, IT asked,

Some respondents noted that security needs vary, depending on who you are:

[BL offered] "If you're a corporation, a business, or an individual with anything that needs protecting, then yes, you definitely need a firewall. If you're a home user, you don't need one, but some protection is recommended, like a good virus scanner plus all the security patches. If you're an ISP, what can you firewall? 'ISP' and 'fortress' are mutually exclusive terms. The 'core' of the Internet can't do anything more than rudimentary filtering: not allowing egress of spoofed IP addresses, anti-smurf measures, etc."

[JL added] "If you're an ISP, you still need to firewall all the parts of your business operations (accounting, subscriber records, etc.) which are not a part of the Internet access network you provide to your subscribers."

SB took a more radical view of things: "Remember, there are people out there that can destroy a simple router in minutes! I personally recommend an outside firewall, an inside firewall, DMZ between them, an IDS system or Snort in the DMZ, a couple of fake honeypot Web and FTP servers which are monitored by the IDS, then strip the machines to bare bones services, security patches, etc. Anything less and you're just easy pickings. The more you protect, the better."

Others observed that a firewall is just one part of the answer:

[BW noted] "A firewall is far from the ultimate secure solution; you should never rely exclusively on it. Real security extends to wider areas, including intrusion detection, file integrity check, encryption, forensic analysis, and the list goes on."

[PF added] "An intruder can only gain entry through one of two ways over a network. They can either exploit a hole in the process they connect to; or they can sniff, guess, or otherwise obtain a valid account on a service. A firewall can make it moderately difficult to do these things, but it's just one layer you can add to your defenses."

[ED noted] "A firewall alone does not magically solve security problems. Too many people just don't understand how much is involved."