I think firewalls are fairly convenient ways to apply a "quick fix"
while better forms of network security are devised. The fundamental
problem with firewalls is that they do not have access to all the
information necessary to determine what is safe to pass and what is
not. There are many forms of inter-host "trust" performed at various
levels in the protocol stack, including the end user, and the firewall
system cannot possibly evaluate all packets against the higher levels
of trust. Consequently the firewall is instructed to apply relatively
dumb rules to filter packets. If the filtering at that level is going
to be really secure, it will also (as you said) interfere with
legitimate services; conversely if it is to allow all legitimate
services, it will have to leave higher levels of security open to
possible intrusion.

I don't think the current suite of Internet protocols is anywhere
near as secure as it ought to be (without losing legitimate services),
however. It is horrible that IP addresses cannot be trusted. There
needs to be foolproof authentication of *some* sort at these lower
levels, if we are not going to have to implement security policies
within nearly *every* protocol built on top of IP. On the other hand,
since there can be a security hole at any level, it would appear that
every protocol that matters *will* need to perform its own authentication
anyway. Some of us in MCSB have been conducting research in this area
and have devised a fairly general yet simple authentication scheme which
could feasibly be implemented in a general program support library.