mozar
Highly Honored Mass-Poster
Posts: 1524
|
 |
A Firewall Article
« on: Oct 28th, 2003, 1:35am » |
 Quote  Modify
|
Let me say that it is not because I use 8Signs FW that I am posting this little article here , but it is because I think this article does have some conceptual relevance ( I am not a salesman or a true believer , ok ) .
Here is the copy :
" ... The Case for Software Firewalls
by James Grant
Since personal firewalls appeared in 1997, they have drawn praise from users, scorn from others and blossomed into big business for the anti-virus companies. 8Signs Firewall goes beyond personal firewalls but is Windows-based like them.
Are S/W firewalls worth it?
Do they really help?
When and how are they a good idea?
I'll try to answer these questions, to help put their value and limitations in perspective.
I will use the term "software firewalls" to mean a class of firewalls that run on operational systems, systems that have some other primary purpose: workstation, server, etc. This distinguishes it from dedicated systems whose sole purpose is to be a firewall. With this definition, personal firewalls and 8Signs Firewall are included. What is a "personal firewall"? Let's say it is a firewall that runs on a workstation, not a server.
What is a "firewall"? That's a question to start a fight  . The definition I will use is that it is a method of protecting computers and networks whereby all packets are inspected and allowed only if it permitted by the controls that are in place. I use the word "method" because some people define it as a separate piece of hardware, thereby disqualifying "personal firewalls" out of hand. A classical firewall is a dedicated system, but the term has been expanded to include more.
The first criticism of software firewalls was that they were inherently insecure because they resided on the computer you were trying to protect. A cardinal rule with a dedicated firewall is that it must not run any software that is not essential to performing the task of firewalling. This criticism is valid and fair. It marks the limitation of the security a software firewall can provide. It is ultimately no more secure that the other software you run. If you get infected by a virus (or trojan), this malware can interfere with the firewall and stop it from protecting you.
Having said that, the value of the software firewall stands out. It is placed exactly where you need security - on the computer. It is closest to the "crown jewels". Not all attacks come from the outside of a network firewall. Some come from co-workers. A software firewall can add to your security plan.
What about a software firewall like 8Signs Firewall running right on a server connected to the Internet? There are many reasons why this is your best bet. Firstly, an Internet server shouldn't be running any sofware unrelated to performing its main task of being a server. Therefore the chance of it being infected with viruses and trojans is (or should be!) low. Can it be hacked? Maybe, if you're not keeping up with security patches. You should turn off unnecessary Operating System features. Also, 8Signs Firewall blocks unused ports, ensuring they don't get used. Version 2.0 includes HTML filtering, to help protect web servers from being hacked. This adds up to real security for your Internet server.
One criticism levelled against Windows-based firewall is that they can be no more secure than the Operating System on which they run. The thinking is that if Windows has a bug, the firewall has a bug. This is unfair. 8Signs Firewall is designed so that it filters packets before they are passed up to the Operating System. Similarly, it is the last one to see a packet before it goes out on the network. Being at this low level, it operates between the network and the Operating System. It can protect you from bugs in the Operating System.
A classic example of this is what happened when ConSeal PC Firewall was launched in 1997. Hackers were just discovering bugs in Microsoft's implementation of TCP/IP and they found attacks that could crash or freeze your PC. Fortunately, these packets were easily identifiable and ConSeal PC Firewall could stop them. This shows how software firewalls protected a PC beyond the strength of its Operating System.
Software firewalls have limitations and I touched on one of them. Trojans. A trojan that is running on your system can potentially do anything, including stopping the firewall, setting it to not run, change the ruleset, and so on. You can let your imagination run wild. Software firewalls protect you from what's outside. They don't protect you from what's already on your system. For that, use anti-virus (or anti-trojan) software and keep up-to-date.
In conclusion, software firewalls have real value, but are not the be-all and end-all of security. They can be a good complement to a network firewall, protecting individual PCs. 8Signs Firewall has been tailored to protect Internet servers and also to bring the power of a firewall to home users in the workstation version.
JG, August 2003 ... "
|
Mischel Internet Security Forum
Reply
Notify of replies
Send Topic
Print
Author
IP Logged
Remove
Search
Members
Login
Register