SoFunction
Updated on 2025-04-13

Honeypot Technology: Eliminating the Limitations and Fragility of Firewalls

Firewalls are the most widely used security devices on networks and an important cornerstone of network security. Competing for market share, firewall vendors promote firewalls ever more aggressively, and many misconceptions have appeared in the market. A typical one is treating the firewall as a universal remedy. Yet the August 2002 issue of "Computer Security" reported that the rate at which firewalls are breached has exceeded 47%. To understand and use firewalls correctly and keep the network secure, their limitations and vulnerabilities must be studied.

The top ten limitations of firewalls

1. A firewall cannot stop attacks whose traffic does not pass through it. Data that does not traverse the firewall cannot be inspected by it.

2. Firewalls cannot solve attacks and security problems that originate inside the network. A firewall can be designed to guard the inside as well as the outside, trusting no one, but most organizations find this inconvenient and do not require the firewall to protect the internal network.

3. A firewall cannot prevent security threats caused by an improper or incorrect policy configuration. A firewall is a passive device that executes a security policy. Like a gatekeeper, it enforces security exactly as the policy dictates and cannot make its own judgments.

4. A firewall cannot prevent man-made or natural damage that reaches it physically. A firewall is a security device, but it must itself be housed in a secure place.

5. Firewalls cannot prevent attacks that exploit defects in standard network protocols. Once a firewall permits a standard network protocol, it cannot stop attacks that exploit flaws in that protocol.

6. A firewall cannot prevent attacks that exploit vulnerabilities in server systems. An attacker reaches the server's vulnerability through a port the firewall has opened, and the firewall cannot stop this.

7. A firewall cannot prevent the transfer of virus-infected files. The firewall itself has no virus detection or removal capability, and even if it integrates third-party anti-virus software, no software can detect and remove every virus.

8. Firewalls cannot prevent data-driven attacks. A data-driven attack occurs when seemingly harmless data is mailed or copied to a host on the intranet and then executed.

9. A firewall cannot prevent internal leaks of secrets. When a legitimate user inside the firewall deliberately leaks secrets, the firewall is powerless.

10. A firewall cannot prevent threats arising from its own security vulnerabilities. A firewall that protects others sometimes cannot protect itself. At present no vendor can absolutely guarantee that its firewall has no security vulnerabilities, so the firewall itself must be given some form of security protection.

The top ten fragilities of firewalls

1. A firewall's operating system cannot be guaranteed free of vulnerabilities. No firewall vendor claims its firewall has no operating system, and no operating system can be absolutely guaranteed to have no security vulnerabilities.

2. A firewall's hardware cannot be guaranteed never to fail. All hardware has a life cycle, ages, and will fail one day.

3. Firewall software cannot be guaranteed free of vulnerabilities. Firewall software is still software, and software has vulnerabilities.

4. A firewall cannot fix vulnerabilities in TCP/IP and other protocols. The firewall is itself implemented on top of TCP/IP and other protocols, so it cannot fix the vulnerabilities in how TCP/IP operates.

5. A firewall cannot distinguish malicious commands from benign ones. Many commands are legitimate in an administrator's hands and dangerous in an attacker's.

6. A firewall cannot distinguish malicious traffic from benign traffic. A user may use the PING command for network diagnostics or for a network attack, and there is no difference in the traffic.

7. A firewall's security is inversely proportional to its multifunctionality. Multiple functions run counter to the security principles of firewalls; therefore, unless a feature is genuinely believed to be required, functions should be kept to a minimum.

8. A firewall's security and speed are inversely proportional. Its security rests on inspecting data: the finer the inspection, the more secure it is, but the finer the inspection, the slower the throughput.

9. A firewall's multifunctionality is inversely proportional to its speed. The more functions it has, the more CPU and memory it consumes and the more it must check, so the slower it becomes.

10. A firewall cannot guarantee the security of the services it permits. A firewall allows a service through but cannot guarantee that service's security; the security problems of permitted services must be solved by application security.

The market needs a new generation of firewalls

As computer networks spread, the market needs a new generation of firewalls to change the current insecure situation.

The new generation of firewalls is positioned to solve the following problems: 1. protocol security; 2. attacks carried by viruses; 3. the problem of trusted versus untrusted parties; 4. the security of the firewall itself; and so on.

With the continuing development of network security technology, technologies such as the physical isolation gap (GAP), anti-leakage systems (Anti-Disclosure), anti-virus gateways (Anti-Virus Gateway), anti-attack gateways (Anti-DDOS Gateway) and intrusion detection and prevention (IDP) have gone a long way toward making up for the shortcomings of firewall technology, forming a more secure network defense system.

Tired of fending off hackers? Now you should take the offensive. At least, that is the idea behind the so-called honeypot: a computer system whose purpose is to attract an attacker and then record every move.

The implementation of honeypot technology

Honeypots are like intelligence-gathering systems. A honeypot is a target deliberately set out to be attacked, luring hackers in. Once an attacker has broken in, you can learn how he succeeded and keep abreast of the latest attacks and vulnerabilities aimed at your company's servers. You can also eavesdrop on the connections between hackers, collect the tools they use, and map their social networks.

Setting up a honeypot is not difficult: all it takes is a computer on the public Internet running unpatched Microsoft Windows or Red Hat Linux. Because hackers may tamper with the computer's own logging and auditing functions, you need a network monitoring system between the computer and its Internet connection that quietly records all traffic in and out. Then sit back and wait for an attacker to fall into the trap.

Setting up a honeypot is not without risk, however. Most compromised systems are used by hackers to attack other systems. This is downstream liability, which brings us to the topic of honeynets.

A honeynet is a honeypot that uses technology to record the hacker's actions properly while minimizing or eliminating the risk to other systems on the Internet. One example is a honeypot built behind a reverse firewall. The purpose of this firewall is not to block inbound connections but to prevent the honeypot from establishing outbound connections. Although this approach keeps the honeypot from damaging other systems, it is easily discovered by hackers.

Data collection is another technical challenge in setting up a honeypot. As long as the honeypot's monitors record every packet entering and leaving the system, they can see clearly what the hacker did. The honeypot's own log files are another good data source. But attackers easily delete log files, so the usual practice is to have the honeypot send copies of its logs to a remote syslog server on the same network that has a relatively complete defense. (Be sure to monitor the log server as well. If an attacker breaks into that server with a new method, the honeypot will undoubtedly have proven its value.)

In recent years, the black-hat community's growing use of encryption has made data collection much harder. They have taken the advice of many computer security professionals and adopted encrypted protocols such as SSH, leaving network monitoring powerless against their communications. The Honeynet Project's countermeasure is to modify the target computer's operating system so that every keystroke, transferred file and other input is recorded in the log of a separate monitoring system. Because attackers may find such logs, the Honeynet Project plans to use a hiding technique, for example concealing the captured keystrokes in NetBIOS broadcast packets.

Advantages of honeypot technology

One advantage of honeypot systems is that they greatly reduce the amount of data to analyze. On a normal web or mail server, attack traffic is usually swamped by legitimate traffic, whereas most of the data entering and leaving a honeypot is attack traffic. It is therefore much easier to look through the data and work out what the attacker actually did.
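As an added example (not code from the original article or from the Honeynet Project), the following Python script triages a constructed honeypot flow log in the spirit of the reverse-firewall data control described earlier and of the point made in this paragraph: every inbound flow to the honeypot is attack data by definition and is summarized per source, while any outbound flow opened by the honeypot is raised as an alert, because it means the honeypot is being turned against other systems. The log format, the honeypot address 192.0.2.10 and the sample records are assumptions.

```python
# Added example, not from the original article or the Honeynet Project.
# Assumed log format, one flow per line, from a monitor in front of the honeypot:
#   <timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
import re
from collections import Counter, defaultdict

HONEYPOT_IP = "192.0.2.10"  # constructed address for the honeypot
LINE_RE = re.compile(r"^(\S+) (tcp|udp) (\S+):(\d+) -> (\S+):(\d+)$")

def parse(line):
    """Parse one flow record; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, sport, dst, dport = m.groups()
    return {"ts": ts, "proto": proto, "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport)}

def triage(lines, honeypot_ip=HONEYPOT_IP):
    """Nothing legitimate talks to a honeypot, so every inbound flow is
    attack data worth summarizing; any flow the honeypot itself opens is
    the downstream-liability case the reverse firewall exists to block."""
    inbound = defaultdict(Counter)  # attacker source -> Counter of target ports
    outbound = []                   # flows showing the honeypot is compromised
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip malformed records rather than abort the triage
        if rec["dst"] == honeypot_ip:
            inbound[rec["src"]][rec["dport"]] += 1
        elif rec["src"] == honeypot_ip:
            outbound.append(rec)
    return inbound, outbound

# Constructed sample: one source probes two ports, then the honeypot reaches out.
SAMPLE_LOG = """\
2025-04-13T10:00:01Z tcp 198.51.100.7:51000 -> 192.0.2.10:22
2025-04-13T10:00:02Z tcp 198.51.100.7:51001 -> 192.0.2.10:22
2025-04-13T10:00:03Z tcp 198.51.100.7:51002 -> 192.0.2.10:80
2025-04-13T10:00:09Z tcp 192.0.2.10:40001 -> 203.0.113.5:6667
malformed line
"""

def report(log_text=SAMPLE_LOG):
    # Per-source summary first, then one ALERT line per outbound flow.
    inbound, outbound = triage(log_text.splitlines())
    out = [f"{src}: {sum(c.values())} inbound flows, ports {sorted(c)}"
           for src, c in sorted(inbound.items())]
    out += [f"ALERT outbound {r['proto']} to {r['dst']}:{r['dport']} at {r['ts']}"
            for r in outbound]
    return out
```

Calling `report()` on the sample yields one summary line for the probing source and one ALERT for the honeypot's own outbound connection, which is exactly the event a reverse firewall should have blocked and logged.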

Since its launch in 1999, the Honeynet Project has collected a great deal of information, which you can find on its site. Its findings include: the attack rate doubled in the past year; attackers increasingly use automated point-and-click tools that exploit vulnerabilities (and such tools are easily updated when new vulnerabilities are found); despite the bluster, few hackers adopt new attack methods.

Honeypots are mainly a research tool, but they also have real commercial applications. Put a honeypot on an IP address adjacent to the company's web or mail server and you can see the attacks it is subjected to.

Of course, honeypots and honeynets are not "fire and forget" security equipment. According to the Honeynet Project, it usually takes 30 to 40 hours to truly work out the damage an attacker caused in just 30 minutes. The system also needs careful maintenance and testing. With a honeypot you are in a constant battle of wits and nerve with hackers: you choose the battlefield, but your opponent chooses the moment to strike. So you must stay vigilant at all times.

One of the most exciting developments in the honeypot field is the emergence of virtual honeynets: a virtual computer network running on a single machine using virtualization systems such as VMware or User-Mode Linux. Such systems let you run several virtual computers (usually 4 to 10) on one host. Virtual honeynets greatly reduce the cost, the space the machines take up and the difficulty of managing honeypots. In addition, virtual systems usually support "suspend" and "resume", so you can freeze a compromised computer, analyze the attack methods, and then bring the system's TCP/IP connections and other services back up.

For the chief security officer (CSO) of a large organization, one of the best reasons to run a honeynet is to find people with bad intentions inside the organization.

Legal issues of honeypot technology

Surprisingly, monitoring a honeypot may also carry legal consequences; it may, for example, violate anti-wiretapping law. Although there is no case law yet, most people familiar with this law believe that consent banners are the way out. That is, label each honeypot with a banner: "Anyone using the system agrees that his behavior is monitored and disclosed to others, including law enforcement."