Courtesy of
MIT Technology Review: Firewall Follies. Simson Garfinkel. They don't make business systems significantly more secure. And by focusing attention on defending the perimeter, rather than on defending information assets within an organization, firewalls foster lax internal security practices that magnify the damage that insiders can inflict. [Tomalak's Realm] (see also the following paragraph...) What firewalls do accomplish, however, is this: they make the Internet more cumbersome to use. I recently visited a friend's firm in New York and wanted to check my e-mail, so I plugged my laptop into a network jack in an unused office. Access denied: my PC wasn't set up to work with the company's firewall. So instead of reading my e-mail, I occupied myself by sniffing the traffic on the office network and probing for a way out. (Had I been inclined, I could have read everybody else's e-mail or done real damage.)

I was working at a client once, with a programmer seeking to develop a program that would send e-mail when a customer ordered literature. I was looking for an SMTP server, and so used nslookup to list the computers in the domain, looking for something called "FOOSMTP" or "MAILSERVER" or the like. (No such luck—this client, a heavy IBM user for years, had nearly meaningless strings for server names, PC names, usernames, etc.) In any case, I had warned the programmer that trying to find an open port would probably alert network security. In a few moments, he got a call: his PC had initiated a dump of the DNS database; did he have a good explanation for what happened?

