
Viewpoint

Firewalls: A Hammer in Search of a Nail

5/29/2008

Back in the 1990s, one of the debates was whether the network should be smart or just a "big dumb pipe." By the turn of the century we thought the "big dumb pipe" theory of networking had won. The network would provide end-to-end connectivity that was agnostic with regard to content. Any problems would be resolved by simply adding more bandwidth. But now, rather than a large agnostic pipe, we find that applications must navigate through firewalls, anti-virus gateways, traffic shapers, proxies, and other active network security devices. In short, the network has become very content-aware, and our "security" devices may be degrading performance for many applications.

As part of a presentation on Cyberinfrastructure Architectures, Security and Advanced Applications at the Internet2 Member Meeting held last April, Joe St. Sauver, University of Oregon and Manager of the Internet2 Security Programs, talked about the pros and cons of firewalls and considered their impact on advanced applications. The points he makes should be carefully considered.

Firewalls Everywhere
The foundation of most campuses' network security is built around firewalls: dedicated hardware appliances, or software running on dedicated computers, that look at messages passing through the firewall and block those that do not meet specified security criteria. This examination is done in a variety of ways, including: looking at each packet traversing the firewall and accepting or rejecting it based on user-defined rules; applying security restrictions to specific applications such as FTP and Telnet; applying security restrictions when a TCP or UDP connection is established; and hiding a network's true network addresses by implementing a proxy server.
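To make the first of those mechanisms concrete, here is a small model of a stateless packet filter that accepts or rejects packets against an ordered rule list with a default-deny policy. This is an added illustration, not code from the original article or from St. Sauver's presentation; the rule set, the 10.0.0.0/8 "campus" network and the sample packets are constructed for the example, and the model deliberately omits connection tracking and application inspection. It also includes a check for shadowed rules (rules an earlier rule fully covers and which can therefore never fire), a common source of policies that do not do what their authors believe.

```python
"""Illustrative first-match packet filter with default deny (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str              # IPv4 address
    dst: str              # IPv4 address
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                    # "accept" or "drop"
    proto: str = "any"             # "any" matches every protocol
    src: str = "0.0.0.0/0"         # CIDR source network
    dst: str = "0.0.0.0/0"         # CIDR destination network
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "drop") -> Tuple[str, Optional[int]]:
    """Top-down, first match wins; returns (action, index of deciding rule or None)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None          # nothing matched: apply the default policy


def shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that an earlier rule fully covers, so they can never fire."""
    out = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (earlier.proto in ("any", later.proto)
                    and ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.dport in (None, later.dport)):
                out.append(j)
                break
    return out


# Constructed campus-style policy: one public web server, no inbound Telnet,
# unrestricted traffic between campus hosts, everything else dropped by default.
CAMPUS_NET = "10.0.0.0/8"
RULES = [
    Rule("accept", "tcp", dst="10.1.2.3/32", dport=80),
    Rule("drop", "tcp", dport=23),
    Rule("accept", src=CAMPUS_NET, dst=CAMPUS_NET),
]

# A mis-ordered variant: the broad intra-campus accept hides the Telnet drop.
BAD_RULES = [
    Rule("accept", src=CAMPUS_NET, dst=CAMPUS_NET),
    Rule("drop", "tcp", src=CAMPUS_NET, dst=CAMPUS_NET, dport=23),
]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "198.51.100.7", "10.1.2.3", 80),   # external web request
        Packet("tcp", "198.51.100.7", "10.1.2.3", 23),   # external Telnet attempt
        Packet("udp", "10.5.5.5", "10.6.6.6", 53),       # campus-internal DNS
        Packet("tcp", "198.51.100.7", "10.9.9.9", 22),   # falls through to default
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
    print("shadowed in BAD_RULES:", shadowed(BAD_RULES))
```

Rule order is the whole story in a first-match filter: the same three rules in a different order produce a different policy, which is why a shadowing check like the one above belongs in any review of a non-trivial rule base.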

Philosophically, firewalls are a perimeter defense, much like the walls surrounding ancient Troy. (And we all know how successful those were.) One variable is how big the defensive perimeter is: the entire campus, a department, or an individual computer. Or all three. And like any perimeter defense, there has been substantial discussion over the years regarding the efficiency of such strategies. (See, for example, Terry Gray's classic 2003 paper "Firewalls: Friend or Foe.")

But how much protection do firewalls really provide and what are the negative impacts on advanced applications?  

A Firewall Is Our Friend
St. Sauver identified a number of good reasons for running a firewall:
