As a security consultant I encounter many different configurations. One
of my clients has found themselves in a situation wherein their
perimeter protection is essentially a packet filtering router. I, and
the security people in the organization, are well aware of the myriad of
attacks that will make it through router filters (fragmented packets,
packets without SYN bit set, etc.) but we are having a hard time
persuading management that the risk is more than theoretical.
Discussions of the technical issues just cause their eyes to glaze over.
Does anyone know of a well documented incident that caused significant
disruption to an organization that used a packet filter router for
protection instead of a real firewall? I have lots of anecdotal
accounts from conferences, etc., but nothing that I can point to that
says "In Oct, 1999 hackers broke through the brand X router used at
company ABC and reformatted the disks on 11 servers". Without a
concrete example management will conclude that we are just paranoid.
- Terry Ingoldsby