Even firewalls have holes
Firewalls are the main barriers between an organization’s internal and external networks. Over the past 25 years, they have become the foundation of perimeter security and there are those that consider them commodity products.
By Gregory Hale; Source: ISS Source
Firewalls are the main barriers between an organization’s internal and external networks. Over the past 25 years, they have become the foundation of perimeter security and there are those that consider them commodity products.
Now as another generation of firewall technology is taking hold, NSS Labs started testing traditional network firewalls and next generation firewalls. NSS Labs engineers have discovered serious flaws in these products, despite the maturity of the market and their certification by two other major certification bodies.
Researchers found:
- Three out of six firewall products failed to remain operational when subjected to stability tests. This lack of resiliency is alarming, especially considering the tested firewalls were ICSA Labs and Common Criteria certified.
- Five out of six vendors failed to correctly handle the TCP Split Handshake spoof (aka Sneak ACK attack), thus allowing an attacker to bypass the firewall.
- Measuring performance based upon RFC-2544 (UDP) does not provide an accurate representation of how the firewall will perform in live real-world environments.
“IT organizations worldwide have relied on third-party testing and been misled,” said Vik Phatak, CTO, NSS Labs. “These test results point toward the need for a much higher level of continuous testing of network firewalls to ensure they are delivering appropriate security and reliability.”
All leading network firewall vendors were able to participate in the test at no cost. All testing occurred in an independent environment and no vendor paid for testing. Products tested include:
- Check Point Power-1 11065
- Cisco ASA 5585
- Fortinet Fortigate 3950
- Juniper SRX 5800
- Palo Alto Networks PA-4020
- Sonicwall E8500
Click here for the Network Firewall Comparative Group Test Report.
- Related News:
Blowout preventer overhaul way off - 26.04.2011 09:06- Blowout preventer not tested to shear pipe - 26.04.2011 09:05
- Fraud foray fools phishing filter - 26.04.2011 09:04
- Water utility suffers cyber incident - 26.04.2011 09:02
- Oak Ridge hit by cyber attack - 26.04.2011 09:01
- FPL wind turbine hack a hoax - 26.04.2011 09:00
Case Study Database
Get more exposure for your case study by uploading it to the Consulting-Specifying Engineer case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
