Terrance Ingoldsby <[EMAIL PROTECTED]>  writes:
> Does anyone know of a well documented incident that caused significant
> disruption to an organization that used a packet filter router for
> protection instead of a real firewall?  I have lots of anecdotal
> accounts from conferences, etc., but nothing that I can point to that
> says "In Oct, 1999 hackers broke through the brand X router used at
> company ABC and reformatted the disks on 11 servers".  Without a
> concrete example management will conclude that we are just paranoid.

It is not really bad to have a router with ACLs as a firewall. 
The only disadvantage of this constellation is the possibility 
of doing ACK and FIN scans. If you have a stateful-inspection-based 
firewall you just get the advantage of avoiding these kinds 
of scans and eventually DoS attacks based on these packets.

As soon as you let traffic through your firewall, you have a 
much higher risk. If you have your web server behind your 
firewall (it does not matter if it is a simple packet filter or a 
more sophisticated firewall) and not in a DMZ, you have already 
lost.

To give you the statement you want: in March 2000 it was 
possible to connect to an HTTPS server through Firewall-1 and to 
get administrative privileges on that server.
Nobody destroyed the hard disk, because it was a security audit. 
It was possible because the server was badly configured. (WinNT 
and IIS; it was not Microsoft's fault!)

Because the server was isolated in a DMZ, it was not possible to 
attack other systems. If that system had been behind the 
firewall, this server could have been used to attack all internal 
systems.

What is the point of this post? It does not matter what products 
you use. With a good design and cheap hardware you can achieve 
more security than with just an expensive, well-known product. 
==> There are many ways to shoot yourself in the foot.

have fun ...

-- 
===============================================================
 Peter Bruderer             mailto:[EMAIL PROTECTED]
 Bruderer Research GmbH                  Tel ++41 52 620 26 53
 IT Security Services                    Fax ++41 52 620 26 54
 CH-8200 Schaffhausen         http://www.bruderer-research.com
===============================================================
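Added illustration (not part of the post above, and not any vendor's code): a minimal model of why a stateless router ACL admits ACK and FIN probes while a stateful filter does not. The stateless rule modelled here is the common "block inbound connection attempts" ACL, i.e. drop inbound segments that have SYN set without ACK and pass everything else; the addresses, ports and the simplified connection table are constructed for the example.

```python
"""Stateless 'block inbound SYN' ACL versus a stateful filter.

Constructed example. A router ACL has no memory of prior packets, so it can
only judge each segment by its own header bits. A stateful filter keeps a
table of connections the inside opened and admits inbound segments only for
those, so a lone ACK or FIN probe (the scans mentioned in the post) is dropped
before the inside host can answer with a RST that reveals whether the port
is open or closed.
"""
from dataclasses import dataclass

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    inbound: bool  # True when the segment arrives on the outside interface


def stateless_acl(pkt: Packet) -> bool:
    """Router ACL: permit all outbound; inbound is dropped only when it looks
    like a new connection attempt (SYN set, ACK clear). ACK-only, FIN-only or
    RST segments are indistinguishable from legitimate reply traffic here."""
    if not pkt.inbound:
        return True
    if pkt.flags & SYN and not pkt.flags & ACK:
        return False
    return True


class StatefulFilter:
    """Tracks connections opened from the inside. Simplified: an entry is
    created on an outbound SYN and removed on a RST from either side; real
    trackers also follow the FIN handshake and sequence numbers."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags & SYN and not pkt.flags & ACK:
                self.table.add(key)          # inside host opened a connection
            elif pkt.flags & RST:
                self.table.discard(key)
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # flip to inside view
        if key not in self.table:
            return False                     # no inside-initiated session: drop
        if pkt.flags & RST:
            self.table.discard(key)
        return True


def run_scenario() -> dict[str, list[bool]]:
    """Feed the same constructed packets through both filters and return the
    per-packet verdicts, in order: outbound SYN, legitimate SYN/ACK reply,
    ACK probe, FIN probe, inbound SYN."""
    inside, web, scanner = "10.0.0.5", "198.51.100.7", "203.0.113.9"
    packets = [
        Packet(inside, 40000, web, 443, SYN, inbound=False),          # inside opens HTTPS
        Packet(web, 443, inside, 40000, SYN | ACK, inbound=True),     # server's reply
        Packet(scanner, 55555, inside, 22, ACK, inbound=True),        # ACK scan
        Packet(scanner, 55556, inside, 22, FIN, inbound=True),        # FIN scan
        Packet(scanner, 55557, inside, 22, SYN, inbound=True),        # plain connect
    ]
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_acl(p) for p in packets],
        "stateful": [stateful.allow(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, ["pass" if v else "drop" for v in verdicts])
```

Both filters pass the legitimate session and drop the plain inbound SYN; the difference is the two probes in the middle, which the stateless ACL cannot tell apart from reply traffic and therefore forwards to the host.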

