What do we think firewalls do? (Fred Rants)

Do firewalls just filter on IP packet header information? This was asserted by a few people on a panel of security solution providers, perhaps mostly by the IDS and SIM vendors. This panel discussion, which I moderated, was at the New York Metro Network Security Forum of The Institute for Applied Network Security (which I talk about below).

Okay, the answer is “heck no.” How did we get here? Why do we think this? First, a brief history (which you can find in a presentation at FirewallsHistory.html). The first security firewalls were built on routers with static packet filtering, making PERMIT and DENY decisions on header fields alone (source address, destination address, protocol, port), one packet at a time. Most modern firewalls simply add state, allowing decisions based on whether the packet belongs to a session that was already initiated (and permitted) rather than requiring a second, reversed rule for the return traffic. Still, it is true that these firewalls know nothing about the applications running through them: anything on TCP port 80 looks like “web” to them. But, those are not the only types of firewalls. Firewalls have been able to make application-specific decisions since the first application gateway firewalls hit the Internet in the early 1990s.
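To make the three kinds of decision concrete, here is an added example (mine, not from the original post or from any of the products named): a toy static packet filter, a stateful filter built on the same rule table, and an application gateway that also looks at the data. The rule set, addresses and packets are constructed for illustration. It shows the two points of the rant: a static filter needs a “permit replies from source port 80” rule that anyone can abuse, and neither header-based filter notices a non-HTTP protocol tunnelled over port 80.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example (not the original post's code): three decision engines
# side by side, to show what each layer of firewall can and cannot see.


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False       # TCP SYN: this packet tries to open a new session
    payload: bytes = b""    # application data, empty for connection setup


# Rule format: (action, src net, dst net, proto, sport, dport); "*" matches anything.
# Policy: internal hosts (10/8, assumed) may reach web servers on TCP port 80.
STATIC_RULES = [
    ("permit", "10.0.0.0/8", "*", "tcp", "*", 80),   # outbound web requests
    ("permit", "*", "10.0.0.0/8", "tcp", 80, "*"),   # replies from web servers (the static hack)
    ("deny", "*", "*", "*", "*", "*"),               # default deny
]
# A stateful filter does not need the reply rule: it remembers permitted sessions.
STATEFUL_RULES = [STATIC_RULES[0], STATIC_RULES[2]]


def _match_addr(pattern: str, addr: str) -> bool:
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)


def _header_match(rule, pkt: Packet) -> bool:
    _, src, dst, proto, sport, dport = rule
    return (_match_addr(src, pkt.src) and _match_addr(dst, pkt.dst)
            and proto in ("*", pkt.proto)
            and sport in ("*", pkt.sport) and dport in ("*", pkt.dport))


def static_filter(pkt: Packet, rules=STATIC_RULES) -> str:
    """Static packet filter: header fields only, one packet at a time, first match wins."""
    for rule in rules:
        if _header_match(rule, pkt):
            return rule[0]
    return "deny"


class StatefulFilter:
    """Adds a session table: return traffic of a permitted session is allowed
    without a reversed rule, and unsolicited packets do not match any session."""

    def __init__(self, rules=STATEFUL_RULES):
        self.rules = rules
        self.sessions = set()   # (src, sport, dst, dport) of permitted sessions

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "permit"                      # part of an already-initiated session
        if pkt.syn and static_filter(pkt, self.rules) == "permit":
            self.sessions.add(fwd)               # the initiator is allowed; track the session
            return "permit"
        return "deny"


def looks_like_http_request(payload: bytes) -> bool:
    """Minimal HTTP request-line check: METHOD SP /path SP HTTP/1.x."""
    parts = payload.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0] in (b"GET", b"HEAD", b"POST")
            and parts[1].startswith(b"/") and parts[2] in (b"HTTP/1.0", b"HTTP/1.1"))


class HttpGateway(StatefulFilter):
    """Application gateway: everything the stateful filter does, plus a look at the
    application data. A real gateway is a proxy that terminates the connection;
    here that is modelled as a payload check on the packets of a permitted session."""

    def decide(self, pkt: Packet) -> str:
        verdict = super().decide(pkt)
        if verdict != "permit" or not pkt.payload or pkt.dport != 80:
            return verdict
        return "permit" if looks_like_http_request(pkt.payload) else "deny"


# Constructed traffic: one legitimate web session, one probe, one tunnel.
SAMPLE_PACKETS = [
    Packet("10.1.2.3", 40000, "203.0.113.10", 80, syn=True),                 # client opens session
    Packet("203.0.113.10", 80, "10.1.2.3", 40000),                           # server reply
    Packet("198.51.100.7", 80, "10.1.2.3", 22, syn=True),                    # outsider, sport 80, to internal ssh
    Packet("10.1.2.3", 40000, "203.0.113.10", 80,
           payload=b"SSH-2.0-OpenSSH_9.6\r\n"),                              # SSH tunnelled over port 80
    Packet("10.1.2.3", 40000, "203.0.113.10", 80,
           payload=b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),  # real HTTP
]


def run_demo(packets=SAMPLE_PACKETS):
    """Returns (static, stateful, gateway) verdicts for each packet, in order."""
    stateful, gateway = StatefulFilter(), HttpGateway()
    return [(static_filter(p), stateful.decide(p), gateway.decide(p)) for p in packets]


if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE_PACKETS, run_demo()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  static/stateful/gateway = {verdicts}")
```

The third packet is the classic static-filter hole: the “replies from port 80” rule permits anyone who sets source port 80 to reach any internal port, while the stateful filter has no session for it. The fourth packet is the point about application knowledge: both header-based filters wave the SSH banner through on port 80, and only the gateway, which reads the data, denies it.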

So, why do people think firewalls require IDS? Because the top-selling firewalls have for the past 8 to 10 years promoted usability and administration over security. Not overtly, but when the former are promoted, the thing that gives is the latter.

Check out the above-mentioned presentation, if you like. You also might be interested in fw2hundred.html, apgw+spf.html, and Firewalls: Are We Asking Too Much?, Information Security Magazine, May 1999 cover article.

The Institute for Applied Network Security

I spent an interesting and unique 2 days this week with some fascinating people in the computer security field. Though I was a member of the faculty, there were no classrooms and no formal instruction. Instead the other faculty and I acted as facilitators of discussion groups made up of the members, who are from a cross-section of the public and private sector. As The Institute’s web page says, “The Forum’s curriculum is modeled on the Harvard Business School teaching method, which emphasizes real-world, case-based discussions that yield tangible, usable techniques and insights. In order to create an intimate discussion environment, enrollment is limited to only 100 qualified network security professionals.” It was sort of like what I envision “Renaissance Weekend” to be like, except without the Clintons (and so more enjoyable, at least for me), and made up of really smart people with varying experience and maturity in our field. When we started I knew about 5 people there, including a few of the faculty. When we left, after only two days, I felt as if I were leaving 80 colleagues.

The calendar is available at http://www.ianetsec.com.


Happy Birthday, Martin Luther (1483)

If you did not see the 2003 movie Luther you’ve missed a good one that was in and out of the theaters too quickly. We did see it a few weeks ago, and I recommend it. It will be out in DVD soon enough. One of my favorite quotes of the great reformer is this:
I have preached justification by faith so often, and I feel sometimes that you are so slow to receive it that I could almost take the Bible and bang it about your heads.

Char Sample Quote

“Due to popularity, the definition has become vague.”

For some reason that tickled me. No, I am not telling you the context, except that it was during her excellent talk at The CSI 30th Annual Computer Security Conference and Exhibition last week in DC.

Char was a TIS Firewall Toolkit and, later, Gauntlet developer, and currently works for Verizon in Maryland.


Stuck with IE

Here’s what I want to do. It is very simple. When I click on a URL in an application (for example, in e-mail) I’d like a new browser to launch. Seems reasonable, I think. If I have a browser opened already (or two or three), I may not be done reading what it is displaying. I know it uses more resources to launch a new browser but it is a 2 GHz processor, for goodness’ sake!

No. Don’t tell me to just go into Internet Options/Advanced and de-select “Reuse windows for launching shortcuts.” It is already unchecked. When I use IE this works as advertised. Every time I click on a URL, it launches a new browser instance. Perfect. But, if I use Opera, or Mozilla (or Firebird), or Netscape, it works correctly for a while. (“Correctly” = “opens a new browser instead of overwriting an open browser.”) Then it stops working. By this I mean all of a sudden when I click on a URL it will use an already open browser window. If I reset (make something else my default browser, then go back) it starts working again.

So, I have given up and gone back to using IE. It is too frustrating to get this to work right. Is this a Microsoft plot? Or are Netscape, Opera, Mozilla/Firebird all broken? I really do not know.

Suggestions welcomed.