Viewpoint

Firewalls: A Hammer in Search of a Nail

5/29/2008

Back in the 1990s, one of the debates was whether the network should be smart or just a "big dumb pipe." By the turn of the century we thought the "big dumb pipe" theory of networking had won. The network would provide end-to-end connectivity that was agnostic with regard to content. Any problems would be resolved by simply adding more bandwidth. But now, rather than a large agnostic pipe, we find that applications must navigate through firewalls, anti-virus gateways, traffic shapers, proxies, and other active network security devices. In short, the network has become very content-aware, and our "security" devices may be downgrading performance for many applications.

As part of a presentation on Cyberinfrastructure Architectures, Security and Advanced Applications at the Internet2 Member Meeting held last April, Joe St. Sauver, University of Oregon and Manager of the Internet2 Security Programs, talked about the pros and cons of firewalls and considered their impact on advanced applications. The points he makes should be carefully considered.

Firewalls Everywhere
The foundation of most campuses' network security is built around firewalls: dedicated hardware appliances, or software running on dedicated computers, that look at messages passing through the firewall and block those that do not meet specified security criteria. This examination is done in a variety of ways, including: looking at each packet traversing the firewall and accepting or rejecting it based on user-defined rules; applying security restrictions to specific applications such as FTP and Telnet; applying security restrictions when a TCP or UDP connection is established; and hiding a network's true network address by implementing a proxy server.

Philosophically, firewalls are a perimeter defense, much like the walls surrounding ancient Troy. (And we all know how successful they were.) One variable is how big the defensive perimeter is: the entire campus, a department, or an individual computer. Or all three. And like any perimeter defense, there has been substantial discussion over the years regarding the efficiency of such strategies. (See, for example, Terry Gray's classic 2003 paper "Firewalls: Friend or Foe.")

But how much protection do firewalls really provide and what are the negative impacts on advanced applications?  

A Firewall Is Our Friend
St. Sauver identified a number of good reasons for running a firewall:


