commentary Network administrators who place all their trust in firewalls copped stern words this week from a high-ranking engineer at one of the world's largest networking equipment vendors. "The idea behind firewalls doesn't work anymore," 3Com's global vice-president Pat Rudolph, said in an interview with your writer.
commentary Network administrators who place all their trust in firewalls copped stern words this week from a
high-ranking engineer at one of the world's largest networking
equipment vendors. "The idea behind firewalls doesn't work anymore," 3Com's
global vice-president Pat Rudolph, said in an interview with your
"The idea behind firewalls is that people inside the network
are trusted and that people outside the network are potentially
malicious," he continued.
"The problem is, if I take my laptop home and get infected on
my home network because my kid's doing something he shouldn't be,
I can then walk my laptop right past my firewall, and plug it
into the corporate network. I can then infect the network."
Rudolph also pointed out firewalls worked by leaving network
"Like port 80, which is Web traffic. You have to leave port 80
open. The problem is that hackers know this, and they can put in
malicious attacks through port 80," he said.
Rudolph's comments are correct. A number of common security
threats aren't going to be stopped by your average firewall.
This is exactly why the current generation of multipurpose
(spam/anti-virus/anti-spyware, etc) security hardware is enjoying
high levels of popularity. For example, real estate king LJ
Hooker is currently installing such devices throughout its
However, while firewalls are not enough on their own, they
remain integral to network defence strategies.
An executive from wireless security vendor AirDefense told a
Sydney conference yesterday that firewalls should always be used,
especially for wireless devices.
As he demonstrated a technique that could take control of a
whole room of laptops within seconds, the company's director of
technical solutions Spencer Parker said even the humble firewall
bundled with Windows XP could stop a lot of threats targeted at
The lesson to be learnt here is that even though firewalls are
not sufficient security on their own, they're still going to be
around for a long time in one form or another.
As for Rudolph himself, he can probably afford to be
complacent even if his kids are tinkering with his work
"I have a team of technical specialists around the world and
we all tend to operate on Macintosh," he said. "Without offending
Microsoft, I like my computer to be stable."
Like Windows XP, Mac OS X comes with a firewall built in, but
the Apple operating system has a much better history when it
comes to security problems.
What do you think? Are networks still safe behind firewalls
or can hackers bypass them at will? Send your thoughts to