If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Tech News World)   Remember way back in ancient computer history when we used to have this thing called a "firewall"? Good times   (technewsworld.com) divider line 102
    More: Scary, virtual environments, VPN, computers, physical environment  
•       •       •

7976 clicks; posted to Geek » on 06 Jul 2012 at 11:35 AM (2 years ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



102 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread

First | « | 1 | 2 | 3 | » | Last | Show all
 
2012-07-07 04:08:46 AM  

symbolset: FrAnKiE!!!!: Translation - "I don't know what a firewall is."

Oh, I know what it is. I was schooled in that cult. I'm just reformed.

A hardware firewall was originally just a router that prevented hosts in the untrusted zone from connecting on their own initiative to hosts in the trusted zone, sometimes doing NAT translation as well. Modern hardware firewalls can inspect outbound sessions also, limiting connections to a whitelist or proscribing a blacklist, or using deep packet inspection in both directions to prohibit certain information from being passed - and these are probably good things. The featureset has expanded quite a bit to include web proxies and cache, VPN access, DNS restrictions and a number of other things. Firewalls can be used to segments business divisions as well, and compartmentalize an enterprise from excess information leakage or the spread of malware.

The base fallacy of such technology as a protector of hosts in the trusted zone from the evil influence of hosts in the untrusted zone is that such a thing as a "trusted zone" exists when it does not. It's in the name: "firewall", i.e. a barrier to protect one side with vulnerable parts from the potentially burning side - taken I believe from automotive or aviation nomenclature for the barrier between the place where people sit and the place where fuel is used.

Any host with Internet access can be compromised - and quite a few that are even air-gapped (see Iran's recent issues, not just one but three: "stuxnet", "duqu" and "flame"). Once it's compromised if it's on a network that believes in trusted zones it can compromise all the hosts in that zone - even hosts that are not normally considered hosts: firewalls, iSCSI SAN devices, FC SAN devices (yes, it's true!), routers, intelligent switches, relatively "dumb" industrial control devices, printers and so on. Sometimes the host moves outside the "trusted zone" to be compromised and then comes back in to ruin your day: see "road warr ...


Your definition of firewall is outdated. And your point that, "anything with internet access can be compromised" basically means that you think that all security is pointless. So, why bother?
 
2012-07-07 03:34:49 PM  
Fun times 101:

-Boot up PC and launch VPC/VMware with discrete virtualized network access for the image.
-Log into image and open netmeeting request from virtual image to host.
-Alt-tab to host and accept meeting request.
-"Share program" with the virtual image, where the shared program is in fact the virtual image you are controlling from the host.
-Skynet becomes self aware.
 
Displayed 2 of 102 comments

First | « | 1 | 2 | 3 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report