Should you be using distributed firewalls?

Federal Computer Week

June 21, 2000
Web posted at: 10:12 a.m. EDT (1412 GMT)

(IDG) -- The firewall, which has served as the sentry between the outside world of the Internet and the internal agency network, may be moving inside the network perimeter to World Wide Web servers, PCs, modems and silicon chips.

Such internal firewalls, known as distributed firewalls, are the next line of defense against hackers who breach traditional firewalls by exploiting open ports and e-mail servers.

Network managers tend to see distributed firewalls as added firepower against hackers.

"It's a dual protection," said Rick Shantery, senior network engineer at Intellinetics Corp., a document management firm in Columbus, Ohio. He added CyberWallPlus embedded firewall software, a product from Network-1 Security Solutions Inc., to his internal servers after he realized that hackers occasionally made it past Ramp Networks' WebRamp Internet access and firewall box Intellinetics uses.

"I could see from the log data they were coming in," he said. "These deliberate hack attacks happen daily, [but] if they make it through, the embedded firewall in the server is there to stop them."

The second line of defense may also be necessary because traditional firewalls do little to stop inside attacks, according to top firewall expert Steven Bellovin, an AT&T Corp. Labs researcher.

"Distributed firewalls can reduce the threat of actual attacks by insiders, simply by making it easier to set up smaller groups of users," Bellovin wrote in the paper "Distributed Firewalls." "Thus, one can restrict access to a file server to only those who need it, rather than letting anyone inside the company pound on it."

But some security vendors have mixed views about distributed firewalls.

Mark McArdle, a vice president in Network Associates Inc.'s managed security services division, questioned the value of running firewall software directly on the Web server.

"Applications on servers are usually managed by different people than the ones who manage firewalls," McArdle said. "Application servers tend to be changed with a little more of a cavalier attitude, which could affect the firewall on it."

John Pescatore, research director for network security at the Gartner Group Inc. consultancy, concurred.

"The problem is the Webmasters control the Web server," Pescatore said, noting that when they make wholesale changes, it could destroy the efficacy of the firewall software on it.

Rather, Pescatore is bullish on the idea of embedding firewalls in silicon, something that Secure Computing Corp. is undertaking with 3Com Corp., and WatchGuard is trying to do by licensing its Firechip. Hardware will support faster packet processing than software, he said.



