|
Posted by RedForeman on May 11, 2007, 9:46 am
If you were Registered and logged in, you could reply and use other advanced thread options > I am studying security critical systems, and it has been posed to me that
> there are flaws in the concept of a firewall. It has also been inferred that
> some aspects of firewalls violate the fundamental design principles of high
> integrity systems. These principles are given to me as "hazard removal, risk
> reduction and hazard control".
>
> My own thoughts are that I disagree. The person who posed the question,
> however, obviously feels that this is the case though. Since I disagree, I
> am struggling to come up with answers.
>
> The best "flaw" I can come up with is that firewalls can block valid traffic
> (through misconfiguration). Possibly also that with the firewall login
> details, the firewall administration system could be accessed externally and
> compromise the network.
>
> As far as "violating" the design principles? I also feel that they don't. To
> me, firewalls reinforce the design principles e.g. hazard removal - they
> block unwanted access to systems. Risk reduction - they reduce the risk of
> the unauthorised access hazard occurring. Also, hazard control - I suppose
> firewalls don't really do anything to reduce the damage once unauthorised
> access has been gained but this hardly constitutes a "violation" of the
> principle.
>
> Do you have any suggestions as to what I'm missing? Or what my supervisor is
> getting at with the question?
>
> Thanks in advance.
I stole this from somewhere with a funky URL...
"High-Integrity systems are complex, software controlled systems,
which, in the event of failure, have a high impact on humans, the
environment, organizations and society. They come in two flavors:
- Safety critical systems (SCS) have a direct influence on the live
and health of humans and the environment. Examples can be found in all
industrial areas, e.g. aerospace, automotive, railway and marine
systems, power generation, medical technology, SCADA etc.
- Mission critical systems (MCS) posess a high criticality with
respect to the functioning of an organization, e.g. ERP, CRM."
Ok, with that out of the way... your friend likes to hear himself
talk, so he throws $4 words around in a 50cent conversation, just to
impress people or to look smart... Here's my thought, challenge him,
ask him what the last high integrity system he controlled, and then
ask him if he thinks a bank is a HIS, or maybe a nuclear facility like
ORNL, or TVA... IMO, yes they are.. they have a direct impact on the
public....
That being said...your friend does have an idea, he is just conveying
it incorrectly... the only flaw a firewall has is the human factor...
humans set it up, so it's flawed... Other than that, any hardware
firewall has flaws... because it's dependant on outside
intelligence... it's a dumb box... it's presented with a 'question' it
compares it to a 'rule' and then it's just a static answer, yes or
no....
This could be a real cool discussion... anyone else want to chime in
on this? Thanks for bringing it up...
RedForeman
| 
XML site map