Flaws in the concept of a firewall

on 10.05.2007 22:39:27 by Brian

I am studying security critical systems, and it has been posed to me that
there are flaws in the concept of a firewall. It has also been inferred that
some aspects of firewalls violate the fundamental design principles of high
integrity systems. These principles are given to me as "hazard removal, risk
reduction and hazard control".

My own thoughts are that I disagree. The person who posed the question,
however, obviously feels that this is the case though. Since I disagree, I
am struggling to come up with answers.

The best "flaw" I can come up with is that firewalls can block valid traffic
(through misconfiguration). Possibly also that with the firewall login
details, the firewall administration system could be accessed externally and
compromise the network.

As far as "violating" the design principles? I also feel that they don't. To
me, firewalls reinforce the design principles e.g. hazard removal - they
block unwanted access to systems. Risk reduction - they reduce the risk of
the unauthorised access hazard occurring. Also, hazard control - I suppose
firewalls don't really do anything to reduce the damage once unauthorised
access has been gained but this hardly constitutes a "violation" of the
principle.

Do you have any suggestions as to what I'm missing? Or what my supervisor is
getting at with the question?

Thanks in advance.

Re: Flaws in the concept of a firewall

on 11.05.2007 01:16:55 by flamer

On May 11, 8:39 am, "Brian" wrote:
> I am studying security critical systems, and it has been posed to me that
> there are flaws in the concept of a firewall. It has also been inferred that
> some aspects of firewalls violate the fundamental design principles of high
> integrity systems. These principles are given to me as "hazard removal, risk
> reduction and hazard control".
>
> My own thoughts are that I disagree. The person who posed the question,
> however, obviously feels that this is the case though. Since I disagree, I
> am struggling to come up with answers.
>
> The best "flaw" I can come up with is that firewalls can block valid traffic
> (through misconfiguration). Possibly also that with the firewall login
> details, the firewall administration system could be accessed externally and
> compromise the network.
>
> As far as "violating" the design principles? I also feel that they don't. To
> me, firewalls reinforce the design principles e.g. hazard removal - they
> block unwanted access to systems. Risk reduction - they reduce the risk of
> the unauthorised access hazard occurring. Also, hazard control - I suppose
> firewalls don't really do anything to reduce the damage once unauthorised
> access has been gained but this hardly constitutes a "violation" of the
> principle.
>
> Do you have any suggestions as to what I'm missing? Or what my supervisor is
> getting at with the question?
>
> Thanks in advance.

I have no idea what he is getting at.. maybe you should ask him for
examples?

Flamer.

Re: Flaws in the concept of a firewall

on 11.05.2007 15:46:58 by RedForeman

On May 10, 4:39 pm, "Brian" wrote:
> I am studying security critical systems, and it has been posed to me that
> there are flaws in the concept of a firewall. It has also been inferred that
> some aspects of firewalls violate the fundamental design principles of high
> integrity systems. These principles are given to me as "hazard removal, risk
> reduction and hazard control".
>
> My own thoughts are that I disagree. The person who posed the question,
> however, obviously feels that this is the case though. Since I disagree, I
> am struggling to come up with answers.
>
> The best "flaw" I can come up with is that firewalls can block valid traffic
> (through misconfiguration). Possibly also that with the firewall login
> details, the firewall administration system could be accessed externally and
> compromise the network.
>
> As far as "violating" the design principles? I also feel that they don't. To
> me, firewalls reinforce the design principles e.g. hazard removal - they
> block unwanted access to systems. Risk reduction - they reduce the risk of
> the unauthorised access hazard occurring. Also, hazard control - I suppose
> firewalls don't really do anything to reduce the damage once unauthorised
> access has been gained but this hardly constitutes a "violation" of the
> principle.
>
> Do you have any suggestions as to what I'm missing? Or what my supervisor is
> getting at with the question?
>
> Thanks in advance.

I stole this from somewhere with a funky URL...
"High-Integrity systems are complex, software controlled systems,
which, in the event of failure, have a high impact on humans, the
environment, organizations and society. They come in two flavors:

- Safety critical systems (SCS) have a direct influence on the life
and health of humans and the environment. Examples can be found in all
industrial areas, e.g. aerospace, automotive, railway and marine
systems, power generation, medical technology, SCADA etc.
- Mission critical systems (MCS) possess a high criticality with
respect to the functioning of an organization, e.g. ERP, CRM."

Ok, with that out of the way... your friend likes to hear himself
talk, so he throws $4 words around in a 50cent conversation, just to
impress people or to look smart... Here's my thought, challenge him,
ask him what the last high integrity system he controlled was, and then
ask him if he thinks a bank is a HIS, or maybe a nuclear facility like
ORNL, or TVA... IMO, yes they are.. they have a direct impact on the
public....

That being said...your friend does have an idea, he is just conveying
it incorrectly... the only flaw a firewall has is the human factor...
humans set it up, so it's flawed... Other than that, any hardware
firewall has flaws... because it's dependent on outside
intelligence... it's a dumb box... it's presented with a 'question' it
compares it to a 'rule' and then it's just a static answer, yes or
no....

This could be a real cool discussion... anyone else want to chime in
on this? Thanks for bringing it up...

RedForeman

Re: Flaws in the concept of a firewall

on 11.05.2007 21:49:44 by ibuprofin

On Thu, 10 May 2007, in the Usenet newsgroup comp.security.firewalls, in
article <3qL0i.6756$eY1.3395@newsfe2-win.ntli.net>, Brian wrote:

>It has also been inferred that some aspects of firewalls violate the
>fundamental design principles of high integrity systems. These
>principles are given to me as "hazard removal, risk reduction and
>hazard control".

You forgot another principle: "Keep It Simple, Stupid". A lot of
errors occur as a result of being overly complex and tripping over
your own feet. See the articles in http://catless.ncl.ac.uk/Risks/
(the Risks Digest - a digest of articles published by the "ACM FORUM
ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS".)

>The person who posed the question, however, obviously feels that this
>is the case though.

Then ask this person for concrete examples.

>The best "flaw" I can come up with is that firewalls can block valid
>traffic (through misconfiguration).

"valid traffic" by whose definition? This may or may not be a function
of misconfiguration. The average user thinks that a firewall should
block the bad stuff - allowing everything else. The problem with that is
that you are always playing "catch up" - discovering (after you've been
screwed) that "this is bad and should be blocked". A more prudent method
is to block BY DEFAULT, and only allow that which is needed. The
problem then becomes defining "what is needed" and therefore has to be
allowed (and perhaps "allowed from/to where"). Usually, this "what can be
allowed" list is simpler than the "bad stuff" list.

>Possibly also that with the firewall login details, the firewall
>administration system could be accessed externally and compromise the
>network.

The firewall administrator who allows ANY external access (and often
internal access) except from "trusted" locations/devices using strong
authentication mechanisms to the firewall is too stupid to be allowed to
breathe, and should be reassigned to less demanding tasks like counting
raindrops in Southern Algeria.

Old guy
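
The default-allow versus default-deny point in the post above, as an added example that is not part of the original thread: a first-match rule evaluator run over two constructed policies, plus an audit that flags a non-deny default and an admin port reachable from an untrusted source. The addresses (RFC 5737 documentation ranges), the admin port 8443 and all names are assumptions made for illustration; strong authentication is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR the source address must fall in
    dport: Optional[int]   # destination port, None matches any port

def decide(rules, default, src, dport):
    """First matching rule wins; otherwise the policy default applies."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        if ip in ipaddress.ip_network(r.src) and r.dport in (None, dport):
            return r.action
    return default

ANY = "0.0.0.0/0"
MGMT_PORT = 8443                 # assumed firewall administration port
TRUSTED_ADMIN = "192.0.2.16/28"  # assumed "trusted" admin network

# "Block the bad stuff, allow everything else": a list that is never complete.
BLOCKLIST = ([Rule("deny", ANY, 23), Rule("deny", ANY, 135)], "allow")
# "Block by default, allow only what is needed": a short list.
ALLOWLIST = ([Rule("allow", ANY, 443),
              Rule("allow", TRUSTED_ADMIN, MGMT_PORT)], "deny")

# Constructed flows: (source address, destination port).
FLOWS = [("198.51.100.7", 443),    # the needed service
         ("198.51.100.7", 23),     # known-bad, on the block list
         ("198.51.100.7", 4444),   # a port nobody thought to list
         ("192.0.2.20", MGMT_PORT),    # admin from the trusted network
         ("203.0.113.50", MGMT_PORT)]  # admin port from anywhere else

def compare(flows):
    """Return (src, port, blocklist verdict, allowlist verdict) per flow."""
    return [(s, p, decide(*BLOCKLIST, s, p), decide(*ALLOWLIST, s, p))
            for s, p in flows]

def audit(rules, default, probe_src="203.0.113.50"):
    """Flag the two weaknesses discussed in the post."""
    findings = []
    if default != "deny":
        findings.append("default action is not deny")
    if decide(rules, default, probe_src, MGMT_PORT) == "allow":
        findings.append("admin port reachable from untrusted source")
    return findings

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
    print(audit(*BLOCKLIST), audit(*ALLOWLIST))
```
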