Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Firewalls' False Sense of Security

February 28, 2005 12:00 PM ET

Computerworld - The Internet front door to almost every bank and financial services company in the world is guarded by two sets of firewalls defining a DMZ. Nearly every e-commerce site sits in a similar DMZ in what has become the de facto standard in Web security architecture. According to Sun Microsystems, "In today's tumultuous times, having a sound firewall/DMZ environment is your first line of defense against external threats." But I would argue that guarding the perimeter is lulling organizations into a false sense of security that results in ignoring the implementation of other security mechanisms in their applications and databases.
In contrast, the Internet front door to MIT doesn't have a DMZ and pretty much doesn't even have a firewall. Universities begin with an assumption that everything is open, but these large organizations are arguably no more vulnerable to external threats than banks and financial institutions, and perhaps less vulnerable to internal threats.
A key reason for reduced vulnerability is the approach many universities take to creating authorization and application-level security in the absence of a secure perimeter. For more than a decade, universities have been implementing homegrown systems and working with vendors to ensure that their products don't make assumptions about working behind a firewall. We look for systems to incorporate application-level security based on verifiable user identities -- an approach that continues to gain ground as organizations realize that firewalls alone don't provide the level of security they need in today's world.
In your own organization, do you pass around unencrypted passwords and data inside the firewall because you know you're behind the firewall? Are your application servers available to any request from anywhere (because they are behind the firewall) or only to those Web servers that need the applications they implement? Is everyone with access to applications allowed full access, or is each person's role (customer, authorizer, accounts payable clerk) part of the authorization protocol to applications? These are some of the issues we must face once we realize that firewalls don't really provide full application security. After all, once the firewall is breached, the outsider is inside, so we can't treat all insiders alike.
As a result, there is a growing interest in standardizing approaches to secure authorization and application access. Many security architectures at universities (and some corporations) are based on the Kerberos protocol and software (http://web.mit.edu/kerberos), first developed at MIT in the 1980s and still going strong. In fact, Kerberos is in the background of operating systems from Apple, Sun and Microsoft, but it's



Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.  

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...