FW: Microsoft: Many Firewalls are leaking

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 6 Oct 2004 08:33:30 -0500

________________________________

From: USEast News Service [mailto:USEastNewsService@xxxxxxxxxx] 
Sent: Wednesday, October 06, 2004 7:54 AM
To: USEast News Service
Subject: Microsoft: Many Firewalls are leaking


Microsoft: Many Firewalls are leaking
By Dan Ilett, ZDNet UK (http://www.zdnet.co.uk), October 5, 2004, 11:18 AM PT
URL: http://news.zdnet.com/2100-1009-5397525.html

Speaking in London on Monday at a technical briefing on the need for
next generation firewalls, Microsoft security technology architect Fred
Baumhardt outlined some of the gaps that traditional firewalls are
leaving open. 

"We are all bloody lucky that something hasn't obliterated IT on earth,"
said Baumhardt. "Firewalls are like retarded routers. They just look at
the ports, sources and destinations they like. If a train comes from
Gare du Nord [Paris] to Waterloo [London] via Eurostar you allow it to
enter the country because you trust it. That's what firewalls currently
do. They don't check to see if al-Qaeda is riding inside."

Port-based filtering lets traffic through when it arrives on the port
number the policy expects for that type of traffic. For example, HTTP
runs on port 80, which is often regarded as a trusted port and left
open. In the past firewalls have often worked on this basis, without
inspecting the content of the traffic. But Baumhardt called for IT
professionals to ensure they had better equipment. "I don't care which
vendor you get it from," he said. "I just want to see [next generation
firewall] technology in front of your network."

Baumhardt was demonstrating Microsoft's Internet Security and
Acceleration (ISA) Server 2004. He said that traditional firewalls were
failing to scan Internet traffic deeply enough to detect malicious
traffic. 
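The gap Baumhardt describes, shown side by side as an added example (not ISA Server code and not from the article): a port-only rule that admits anything on TCP port 80, next to an application-layer check that only admits payloads which actually parse as HTTP/1.x requests. The sample segments are constructed, and the request parser is a deliberately minimal sketch of what a real application-layer filter does.

```python
import re

# Constructed samples: (destination port, first bytes of the TCP payload).
SAMPLES = {
    "web_get": (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "ssh_on_80": (80, b"SSH-2.0-OpenSSH_3.9p1\r\n"),  # non-HTTP riding the trusted port
    "binary_on_80": (80, b"\x00\x01\x02\x03 not a request line\r\n"),
    "http_on_25": (25, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
}
ALLOWED_PORTS = {80}  # the policy from the article: "port 80 is trusted, leave it open"

def port_only_verdict(port, payload):
    """Traditional packet filter: decides by destination port, never reads the payload."""
    return "allow" if port in ALLOWED_PORTS else "deny"

HTTP_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(\d)\.(\d)\r?\n")
HEADER_LINE = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:[ \t]*[^\r\n]*\r?\n")

def looks_like_http_request(payload):
    """Application-layer check: does the payload parse as an HTTP/1.x request?"""
    m = REQUEST_LINE.match(payload)
    if not m:
        return False
    method, _target, major, minor = m.groups()
    if method.decode() not in HTTP_METHODS or (major, minor) not in ((b"1", b"0"), (b"1", b"1")):
        return False
    # Every following line must be a "Name: value" header until the blank line.
    rest = payload[m.end():]
    while rest and not rest.startswith((b"\r\n", b"\n")):
        h = HEADER_LINE.match(rest)
        if not h:
            return False
        rest = rest[h.end():]
    return True

def app_layer_verdict(port, payload):
    """Port must be allowed AND the payload must be the protocol that port is for."""
    if port not in ALLOWED_PORTS:
        return "deny"
    return "allow" if looks_like_http_request(payload) else "deny"

def compare(samples=SAMPLES):
    """Map sample name -> (port-only verdict, application-layer verdict)."""
    return {n: (port_only_verdict(p, d), app_layer_verdict(p, d)) for n, (p, d) in samples.items()}

if __name__ == "__main__":
    for name, (po, al) in compare().items():
        print(f"{name:14} port-only={po:5} app-layer={al}")
```

The SSH banner on port 80 is the case the article is about: the port-only filter allows it, the application-layer check denies it.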

"We trust traffic on ports that we think it should be on," said
Baumhardt. "But when you do that you relay control to the security
vendor. You need to understand the traffic you are trying to block." 

Baumhardt gave the example of how many hackers use port 80 to enter a
network because it is treated as trusted traffic. He added that it was
also important to protect the network internally, not just at the
perimeter. 

"We don't place devices to protect from within the internal network. But
if you don't put firewalls on chokepoints [critical areas in the
network] you won't defend your internal network." 

The latest version of ISA Server has the ability to run 1.9-gigabit
throughput, said Baumhardt, and to scan port traffic at the application
layer, which could lead to better transparency. He said it also offers
VPN and port scanning technology. 

But Baumhardt added that it was unwise to use firewalls without the
support of other security technology: "Believe it or not, Microsoft is
not the be-all and end-all of everything. We could be a platform for
other things to run on. You buy ISA so that you can complement it with
SurfControl or McAfee." 
