In addition, Firewalls can’t provide security for the following.
1 .A firewall can’t protect against attacks that
don’t go through the firewall. Many corporations that connect to Internet are
very concerned about confidentially date leaking out of company through route.
However, a magnetic tape can just export data.
2. Many organizations that are terrified of Internet
connections have no coherent policy about how dial-in access via modems should
be protected. There are many organizations out there buying expensive firewalls
and neglecting the numerous other back doors into their network.
3. Another thing a firewall can’t really protect you
against is traitors or idiots inside the network. An industrial spy might leak
information or export it through a telephone, FAX or floppy disk. Firewalls
can’t protect you against this stupidity.
4.
Firewalls can't protect very well against things like viruses. There are too
many ways of encoding binary files for transfer over networks, and too many
different architectures and viruses to try to search for them all. In other
words, a firewall cannot replace security-consciousness on the part of your
users. In general, a firewall cannot protect against a data-driven
attack--attacks in which something is mailed or copied to an internal host
where it is then executed.
Organizations
that are deeply concerned about viruses should implement organization-wide
virus control measures. Rather than trying to screen viruses out at the
firewall, make sure that every vulnerable desktop has virus-scanning software
that is run when the machine is rebooted. Blanketing your network with virus
scanning software will protect against viruses that come in via floppy disks,
modems, and Internet. Trying to block viruses at the firewall will only protect
against viruses from the Internet--and the vast majority of viruses are caught
via floppy disks.
No comments:
Post a Comment