Viewpoint

Firewalls: A Hammer in Search of a Nail

5/29/2008


And the list goes on.  The point critics are making is that firewalls were designed to mitigate classic computer intrusions based on automated scans and brute force login attempts, but that isn't the primary threat anymore.  Our strategic systems are protected by two-factor identification, and traffic is likely to be encrypted.

Problems with Advanced Applications
There are two basic problems with firewalls: They degrade network performance and make it difficult to troubleshoot network-based application problems.  In short, instead of a big dumb pipe, we have a "smart" pipe.  Instead of having a network that always passes traffic, we have a network that sometimes passes traffic.  If all a user is doing is Web browsing or e-mail, this isn't a problem.  But what happens to more advanced applications--the kind of applications that characterize a research institution?  If things don't work, is it a network problem or an application problem, or is it both?  And remember, packets are traversing multiple firewalls managed by multiple organizations.  A classic example of firewalls breaking applications is videoconferencing.

Videoconferencing
This is an application that has personally burned me.  Back when I was running an ISP, we were an early leader in the use of H.323 video conferencing, and one of our clients was a large urban university whose president was on my board of directors.  We did a good job of selling the potential of H.323 videoconferencing, and he became both a user and an advocate.  Unfortunately, his campus had outsourced network operations to a private company that believed that firewalls were transparent to all legitimate traffic.  The documentation provided by the firewall manufacturer clearly stated that video should work just fine through the firewall.  But it didn't.  And no amount of technical or empirical evidence could convince them that their firewall was the problem.  The only way we could make things work, after an incredible investment of time, was to hack his campus network and bypass the offending firewall.  The downside was that my board member blamed the problems on my organization, not his campus firewall.

