Firewalls are no longer impenetrable perimeters
Stephen Gates of
For the past 25 years, the firewall has been the bastion of cyber security. It used to function like a charm, creating the definitive divide that separated the unknown (the Internet) from the known (the network), preventing any malicious entrants and keeping networks safe from all harm. But this technology -- like all things digital -- has a finite shelf-life.
While firewalls still hold an important place in cyber security, they are no longer the impenetrable security perimeters they once were. Two and a half decades have allowed a lot of malicious behavior to evolve. How could any technology prepare for such a distant reality?
Nearly half of all U.S. businesses rely only on a conventional firewall to prevent cyber-attacks -- leaving them at high risk for such attacks.
Cyber criminals have taken full advantage of this misguided faith in firewalls. "Hacktivist" groups, cyber terrorists and hackers-for-hire have all manipulated these known weaknesses for their own gains. Moved by political, ideological or economic motivations, these parties have unleashed Distributed Denial of Service (DDoS) attacks on global banks. These headline-grabbing attacks are growing in frequency, complexity and size.
According to an anonymous banking representative, many of these recent attacks were successful because organizations failed to invest in any prevention mechanisms -- relying solely on an antiquated firewall as a stopgap.
Following these highly publicized DDoS attacks on large financial institutions, it is easy to come to the false conclusion that banking organizations are the only targets of these attacks. Not so.
This growing threat places every organization that relies on the Internet at risk, including the public sector and government. Their higher profile and vast reach make public sector and governmental sites particularly worthy targets, endangering the public welfare by limiting access to vital emergency information and impacting municipal operations. Here and everywhere else, a firewall on its own does not offer enough protection.
A successful DDoS attack can bring Internet operations to a halt. Access to information and services is blocked, business is disrupted and the brand is damaged. DDoS attacks typically last for hours, costing Websites many thousands, even millions, of dollars in direct lost revenue and much higher potential loss because of customer shifts to other sites.
The impact on the governmental side can be even more damaging, shaking the public’s trust in the very agencies and organizations they need to trust most.
Back in April, a group calling itself the UGNazi Collective shut down city Web portals in both New York (NYC.gov) and Washington, DC (DC.gov). In September, hacktivists briefly took down U.S. State Department computers and, in the UK, they hit MI5, the intelligence agency.
But hacktivists are just one part of the story.
According to a recent Reuters article, governments and security industry experts say some of these attacks emanate from nations such as China and Iran, which have economic or political tensions with the United States -- a sort of "cyber-terrorism."
These attacks continue to proliferate, creating a new type of digital hired gun -- the cyber "hitman." For as little as $10 an hour, almost any Website can be incapacitated. What was once the province of terrorists and sophisticated hackers has become a criminal capitalist enterprise.
But why these attacks occur is only one part of the equation. In order to understand and prevent these network assaults, organizations need to delve into how these floods happen and why more than a firewall is needed to protect a computer network.
Flood attacks typically employ armies of thousands of hijacked PCs, known as botnets, to overwhelm targeted servers and bust through the firewall (think stampeding elephants charging a plywood fence). They require enormous resources and are not at all subtle, yet they are dangerously effective.
There is also a newer threat: an application-layer attack that is far more subtle than a flood infiltration. These types of attacks do not generate huge volumes of traffic. Cyber criminals and terrorists require fewer resources, that is, smaller numbers of hijacked computers in their botnets. In fact, recent research demonstrates that an effective application attack can be executed by a single computer, rendering Websites inaccessible to legitimate users.
In the absence of such intense traffic spikes, victim organizations may not even realize they are under attack. Instead, they might look for more rudimentary explanations for unresponsive Websites, such as application or system issues. ISPs similarly are often slow to recognize such attacks (think picking out the off-white grain of sand within a beach of ivory specks). By the time these attacks are detected, the damage already is done. In some cases, these shutdowns can ring up costs of up to $250,000 per day.
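The detection gap described above can be shown over a small set of connection records. This is an added example, not part of the original article: the records, addresses, thresholds and function names are all constructed assumptions. It compares a volume-only check with a per-client count of long-lived open connections.

```python
from collections import defaultdict

# Constructed sample: (client_ip, start_second, duration_seconds, bytes_transferred).
def build_sample():
    records = []
    # 50 ordinary clients, each making 20 short requests of 40 kB over 10 minutes.
    for c in range(50):
        for r in range(20):
            records.append((f"198.51.100.{c + 1}", r * 30 + c % 30, 1, 40_000))
    # One client holding 300 connections open for 9 minutes, sending almost nothing.
    for k in range(300):
        records.append(("203.0.113.7", 10 + k % 20, 540, 500))
    return records

def peak_bytes_per_window(records, window=60):
    """Volume view: most bytes seen in any window (counted at connection start)."""
    buckets = defaultdict(int)
    for _, start, _, nbytes in records:
        buckets[start // window] += nbytes
    return max(buckets.values())

def peak_concurrency(records, min_duration=30):
    """Per-client peak number of simultaneously open long-lived connections."""
    events = defaultdict(list)
    for ip, start, duration, _ in records:
        if duration >= min_duration:
            events[ip].append((start, 1))
            events[ip].append((start + duration, -1))
    peaks = {}
    for ip, evs in events.items():
        open_now = peak = 0
        for _, delta in sorted(evs):  # at equal times, closes sort before opens
            open_now += delta
            peak = max(peak, open_now)
        peaks[ip] = peak
    return peaks

def detect(records, volume_threshold=50_000_000, max_open=50):
    """Return (flood_alert, clients_over_connection_limit); thresholds are assumed."""
    flood = peak_bytes_per_window(records) > volume_threshold
    slow = sorted(ip for ip, p in peak_concurrency(records).items() if p > max_open)
    return flood, slow

if __name__ == "__main__":
    print(detect(build_sample()))
```

On this sample the byte-volume check stays silent while the single slow client stands out on connection count, which is why monitoring that watches only for traffic spikes misses this class of attack.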
Many organizations react to these DDoS events by trying to mitigate their impact. They subscribe to services from their Internet service providers to blunt these in-your-face assaults. It is costly and, of late, not nearly sufficient. Others purchase more bandwidth to render the attack harmless, but that avenue is also ineffective, as many flood attacks simply are too big to mollify. This time, the elephants are charging a chain-link fence.
With attackers growing in sophistication, a new sort of security "perimeter" that goes beyond outdated firewall technology is required to stop these attacks before they can take root.
These technologies halt DDoS and server-targeted malicious attack activity by filtering and removing attack traffic before it even reaches the firewall, without impacting legitimate traffic. This new first line of defense allows the entire IT infrastructure to operate more efficiently, improving the quality of performance of security devices, network applications and servers, and ensuring business continuity. This approach includes the firewall, which can continue to function as it was intended.
In order to keep their sites and services up and running, organizations and governmental entities should be proactive and implement DDoS response plans and prevention technology capable of countering all of today’s sophisticated attacks. The cyber landscape has changed a great deal since 1987. It is time the firewall got a little help.