I am sure the following article is appropriate for this forum...
Date: Sun, 13 Aug 2000 19:52:47 PDT
From: "Peter G. Neumann" <[EMAIL PROTECTED]>
Subject: Hackers breach Firewall-1
[Source: David Raikow, Sm@rt Partner, 2 Aug 2000
http://www.zdnet.com/zdnn/stories/news/0,4586,2610719,00.html]
An audience of several hundred network security professionals watched
with
rapt attention last week as a trio of hackers repeatedly penetrated one
of
the industry's most trusted and popular firewall products -- Checkpoint
Software's Firewall-1. The demonstration, presented at the "Black Hat"
security conference in Las Vegas, challenged the widely accepted notion
that
firewalls are largely immune to direct attack.
The panel -- John McDonald and Thomas Lopatic of German security firm
Data
Protect GmbH and Dug Song of the University of Michigan -- identified
three
general categories of firewall attacks. They began by demonstrating a
number
of relatively simple techniques by which an attacker could impersonate
an
authorized administrator, and thus gain access to the firewall
application
itself.
A second type of attack tricked the firewall into believing an
unauthorized
Internet connection was actually an authorized virtual private network
connection. Finally, the panel exploited a number of errors in the
process
used to examine traffic passing through the firewall to sneak in
dangerous
commands.
While their presentation focussed on a single commercial firewall
product,
panel members repeatedly emphasized that most firewalls are vulnerable
to
the types of attacks demonstrated. "The problem is not just with
[Firewall-1]," said Song. "The real problem is the blind trust most
people
place in their firewalls."
Greg Smith, Checkpoint's director of product marketing for Firewall-1,
pointed out that many of the attacks demonstrated relied on improper
firewall configuration, and he asserted that they presented little
practical
threat. "Not a single customer has reported a problem with any of these
issues."
Nevertheless, Checkpoint worked with McDonald, Lopatic and Song in
developing defenses against the attacks, which they released as part of
Firewall-1 Service Pack 2 immediately following the demonstration.
Checkpoint emphasized that the service pack should prevent all of the
attacks discussed, even those dependent on misconfiguration.
The panel also recommended a number of additional steps for "hardening"
firewalls, including use of strong authentication protocols,
"anti-spoofing"
mechanisms and highly restrictive access rules. At the same time, they
called
on the IT community to abandon the "single firewall" model of network
security
and implement multiple lines of defense.
However, one observer of the session, employed by a network switch
manufacturer, thinks Checkpoint lost some credibility over its products.
"Some of the exploited areas were because of dumb programming mistakes
in
the code for the firewall itself. If the [firewall] programmers can't
get
it right, what other problems may still be lurking?" he pondered.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at
http://profiles.msn.com.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
