Thoughts on Firewalls: Topologies, Application Impact, Network Management, Tech Support and more
Deke Kassabian, April 2007
Opening Statements
Common desktop & server operating systems are getting better, but are still not network-safe in their default 'out of the box' configuration.
Firewalls can provide security help, but seemingly obvious designs can create problems while adding little value.
Most end-systems can be operated in a network-safe way without firewalls, though often not in their default configuration, and not without ongoing effort.
People sometimes try to solve problems through the use of firewalls without acknowledging their downsides.
May lead to attacks launched from the outside, exploiting vulnerabilities on the inside.
For example, a single system with a default administrator password for a service that the firewall rules permit makes the inside vulnerable. The firewall doesn't provide much help here.
(2) The larger the community of users on the inside, the more likely that no common security policy will suit them all. Users with a diverse set of applications will have different goals and different network services that matter to them (and different network services that they want to avoid!), and so will have different security policies in mind for implementation on the firewall.
(3) The larger the community of users on the inside, the more likely that eventually one of them will become motivated to attempt to compromise another system on the inside, or the security of the firewall itself. The firewall is (quite literally) in no position to help here.
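The default-password example and point (3) can both be seen by sorting flows according to what a perimeter firewall actually gets to decide. The sketch below is an added example, not part of the original slides; the inside network, the allow-list, the hosts and the "hardened" flag are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: network, rules and hosts are assumptions for illustration.
INSIDE = ipaddress.ip_network("10.0.0.0/16")

# Perimeter allow-list: (destination network, TCP port). Other inbound traffic is dropped.
PERIMETER_ALLOW = [
    (ipaddress.ip_network("10.0.1.0/24"), 22),
    (ipaddress.ip_network("10.0.1.0/24"), 443),
]

# Flows: (source, destination, destination port, is the service on the host hardened?)
FLOWS = [
    ("198.51.100.7", "10.0.1.10", 443, True),
    ("198.51.100.7", "10.0.1.20", 22, False),   # service still has a default admin password
    ("198.51.100.7", "10.0.2.30", 3389, False),
    ("10.0.2.30", "10.0.1.20", 22, False),      # inside-to-inside
    ("10.0.2.30", "10.0.2.31", 445, False),     # inside-to-inside, same subnet
]

def classify(src, dst, port, hardened):
    """Return what the perimeter firewall contributes for a single flow."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst_ip not in INSIDE:
        return "outside-destination"        # not modelled here
    if src_ip in INSIDE:
        return "not-seen-by-firewall"       # never crosses the perimeter
    allowed = any(dst_ip in net and port == p for net, p in PERIMETER_ALLOW)
    if not allowed:
        return "blocked-at-perimeter"
    # The rule permits the service, so safety now rests on the end-system alone.
    return "permitted-host-hardened" if hardened else "permitted-host-exposed"

def summarize(flows):
    """Group flows (source, destination, port) by classification."""
    result = {}
    for flow in flows:
        result.setdefault(classify(*flow), []).append(flow[:3])
    return result

if __name__ == "__main__":
    for verdict, members in summarize(FLOWS).items():
        print(f"{verdict}: {members}")
```

Only the "blocked-at-perimeter" group is work the firewall did; every other group depends on how the end-systems themselves are configured.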