Showing posts with label firewall.

Friday, May 30, 2008

Blog: 'Net Engineer Argues Firewalls Are a Security Distraction

'Net Engineer Argues Firewalls Are a Security Distraction
Computerworld Australia (05/30/08) Bell, Stephen

The focus on firewalls has led corporate network experts to spend less time on security in the end system, says Brian Carpenter, the former head of the Internet Engineering Task Force. Carpenter, currently a lecturer at the University of Auckland, discussed the history of the Internet as well as its challenges while giving the Institution of Engineering and Technology's annual Prestige lecture. During his "The Internet, where did it come from and where is it going?" address, Carpenter suggested that firewalls have lessened the momentum of end-to-end transparency for the Internet. He said the extended addressing scheme, IPv6, will replace the need for address translation, but Internet users have grown used to conventional firewalls. There are some similarities between his view of end-to-end transfer of data and David Isenberg's concept of a "stupid" network, but he adds that the edge of today's complex networks might be difficult to define, which has also been suggested by Victoria University's John Hine. "The basic principle is still valid," Carpenter said. "It's not obvious that you will make money out of putting very complex services very deep in the network."

Tuesday, January 15, 2008

Security: Who Invented the Firewall? And, what do they think now?

Who Invented the Firewall?
Dark Reading (01/15/08) Higgins, Kelly Jackson
Numerous computer experts can lay claim to inventing the firewall. Nir Zuk says he developed the technology that is used in all firewalls, and David Pensak claims to have built the first commercially successful firewall. William Cheswick and Steven Bellovin wrote a book on firewalls in 1994 at AT&T Bell Labs and built a circuit-level gateway and developed packet-filtering technology, though they do not claim to have invented the firewall. Marcus Ranum says his reputation as inventor of the firewall is just a marketing trick and that David Presotto deserves the credit. Regardless, all of these security experts, along with Jeff Mogul, Paul Vixie, Brian Reid, Fred Avolio, Brent Chapman, and others were associated with the development of firewall technology. Gartner's John Pescatore says Cheswick and Bellovin were the fathers of the network firewall concepts, using packet filtering to deny everything except what is explicitly allowed, while Ranum was the father of DEC SEAL, the first firewall product. Today, some of the firewall's creators are no longer big supporters of the technology. Cheswick, a lead member of the technical staff at AT&T Research, says he has not personally used a firewall since the 1990s. "They are an economic solution to weak host security. I want to see stronger host security," says Cheswick, who adds that firewalls still have a place but are simply another network element. Steven Bellovin agrees. "The firewall as Bill and I described it in 1994 in our book is obsolete," says Bellovin, now a professor of computer science at Columbia University. He says having a guard at the front door when there are thousands of backdoors into a network does not work. "I'm not saying get rid of it at the door. It provides a low-grade access control for low-value resources," Bellovin says. "But the real access control [should be] at the host."

Saturday, December 22, 2007

Security: Wi-Fi Routers Are Vulnerable to Viruses

Wi-Fi Routers Are Vulnerable to Viruses
New Scientist (12/22/07) Merali, Zeeya
Indiana University in Bloomington researcher Steven Myers has been investigating how a virus could be spread between wireless routers. "We forget that routers are mini-computers," Myers says. "They have memory, they are networked, and they are programmable." However, routers are not usually scanned for viruses or protected by firewalls, and while Myers says there are no known viruses that target routers, they are still easy targets. Routers within about 100 meters would be able to spread viruses to one another and create a vast network for viruses. While routers normally do not communicate with each other, it would be easy for hackers to create a virus that enables routers to communicate. Myers used records on the location of Wi-Fi routers around Chicago, Manhattan, San Francisco, Boston, and parts of Indianapolis to create a simulation of how a router attack might spread. In each simulated city, viruses were able to jump between routers lacking high-security encryption within 45 meters of each other. The virus spread surprisingly fast, with most of the tens of thousands of routers becoming infected within 48 hours. The geography of the cities affected how the virus spread, with rivers and bays acting as "natural firewalls." Routers can be protected by changing the password from the default setting and enabling high-security WPA encryption. University of Cambridge computer scientist Ross Anderson says the study exposes a more significant problem in that all electronics, including phones, routers, and even microwaves, are being built with software that could potentially become infected.