Friday, February 27, 2009

The Argument Around Multiple Firewalls

Ah, dueling firewalls… I’ve seen it all. Well, maybe not all, or all that I really want to.

My good friend Jack Germain of ECT News Network just finished an article on this. Check it out here.

http://www.technewsworld.com/story/66150.html

I can think of at least three good reasons why companies deploy multiple firewalls.

1. No single firewall does everything exceptionally well
2. Multiple Firewalls determine which model should be on top doing the heavy lifting
3. Customers don’t trust a single firewall technology

Let’s face it, no two firewalls on the market today are alike. Some are very good at Denial of Service (DDoS) protection, while others handle rate shaping or packet inspection better. So depending on the customer’s application and traffic needs, a different firewall brand might be in order. I would caution users of the dual or quad firewall topology, because the more firewalls you put in your network, the more difficult troubleshooting becomes.

You might have heard me make the statement that I feel firewalls are older security technology and that newer technology like an Intrusion Prevention Solution is the logical replacement.

There are, however, firewall functions that an IPS still needs to deliver in order to become a full-fledged firewall replacement. One of the mandatory features is NAT. Most firewalls today provide the NAT function and an IPS does not. A drawback to firewalls today is port 80. With so many newer applications now running through port 80 (because everyone knows it’s open to web traffic), it is impossible for a firewall to inspect that traffic; it assumes it is legitimate Web traffic. IPS systems inspect EVERYTHING.

Because there is no single device that can do everything equally, customers are settling for a layered defense. The need for multiple security technologies and in some cases dueling firewalls will continue while customers keep looking for that silver bullet, one device that does it all perfectly.

I can hardly wait!

Sunday, February 08, 2009

Be Careful With Valentine's Cards

Valentine's Day used to be a time when loved ones would send cards in the mail wishing for a happy Valentine's on February 14th. Like so many other things from the past, we no longer communicate in a manner like mailing cards, or calling people on the telephone for that matter. The Internet has turned us into high speed communication junkies. We send a quick email to someone to remind them to pick up milk on the way home from work. We send an Instant Message to see if you are going to the bar after work or to make sure you're picking up the kids at daycare. And now we send electronic Valentine's cards to our loved ones so they can read them on their BlackBerry while driving into work. Yes, I do read a few emails while I am driving.

Hackers are very smart individuals. I've always said if we can put hackers to good use we might solve a number of problems on our Earth. But hackers will be hackers. I've always been fascinated by the clever ways hackers have studied human behavior and have adapted their strategy to penetrate our computers to steal personal information.

We have seen hackers disguise email to look like legitimate 'e cards' with a URL hoping you would click on the link, launching a Trojan to gain entry into your computer to start sending files to a server somewhere in a foreign country, or YOUR country for that matter.

In 2009, I expect to see even more of this, because our economy is down and hackers are growing in numbers and will prey on anyone they can steal from.

I'm asking you to be vigilant when you get email that contains a greeting card, even if it's from someone you know, even if it looks authentic. DON'T open it. It might not be from who you thought was sending it, and it might unleash a program onto your computer that will be difficult to remove, or even to know it's there for that matter.

My advice: call the person that sent you the e card. Tell them you got the email and you wanted to call and thank them for thinking of you. Let them know that you do not open emails that might contain a program, because you are not sure what it's going to do to your computer and that you can't afford to damage your files, etc. They will understand.

Who knows! Maybe next year your loved ones will send you a Valentine's card in the regular snail mail. A blow to the hackers. But like I said earlier, hackers are smart and study what we click and don't click. They will try something more clever next time.