Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

1Mar/054

Firewalls’ False Sense of Security

Opinion piece in Computerworld by Jerrold M. Grochow, vice president for information services and technology at MIT, on the limitations of perimeter security and the importance of authorization - closing quote:

Firewalls can go only so far -- at some point, you'll have to develop a secure identity structure that's incorporated into each and every application. And projects such as Kerberos, Shibboleth and Liberty will lead the way.

I would add SAML to that list, and note that SAML 2.0 incorporates functionality from both Liberty ID-FF and Shibboleth.

Comments (4) Trackbacks (0)
  1. This is something that all building, deploying and running services on the Internet should have drilled into their heads. To me, a system that is properly secured has no need for a packet filtering firewall. My definition of ‘properly secured’ is that all the applications implement the access controls required by the security policy to allow or deny access.
    I’ve got machines on the Internet, and the packet filtering firewalls on these machines do very little for me. I know full well exactly what services are running, and that most of those services implement access controls in a way I find satisfactory. Those that I can’t turn off, or don’t have any way to configure access controls, I have to put a packet filter in front of them.
    I see that I have to use a packet filtering firewall in front of some services as a defect in those services.
    Anyway – just some ranting from me on security.

  2. I have to disagree, Alan. I would contend that even a system that is properly secured needs a packet filtering firewall. Here’s why: defence in depth. We’re all human. These are complex systems we’re protecting. There is always a risk that some system somewhere is incorrectly secured. By implementing layers of security we mitigate that risk. Packet filtering is not enough, but I would also say that access controls alone are not enough.

  3. Well, and then there’s the “Jericho” train of thought, which holds that the firewall is redundant as such, and that security now needs to reside not just in application-level mechanisms but resource/object level.
    That might be a sound design objective, but in the
    meantime a firewall still seems to me like a good way of mitigating risk. You just have to understand which risks it is mitigating and which it is not.

  4. I just realised, I have a really good, concrete example of all this. As blogged elsewhere, I have a Lingo VOIP box. Now, the default configuration is to put this immediately downstream of your cable/dsl model. This makes me uncomfortable, as I don’t know how vulnerable this piece of kit is – I don’t want hackers finding it, cracking it and dialling Azerbaijan on my $. So, I installed it behind my router/firewall, even though that currently gives me problems when my PC consumed all the upstream bandwidth (e.g. emailing a large attachment) and I can’t be heard over VOIP.


Leave a comment

No trackbacks yet.