WELCOME

Capella has been designated a National Center of Academic Excellence in Information Assurance Education (CAEIAE) by the National Security Agency and the U.S. Department of Homeland Security. Capella’s information security curriculum meets the NSA Committee on National Security Systems standards 4011, 4013, 4014.

This center provides access to resources, tools, and the latest information regarding information assurance as a way to enhance understanding in this field of study.

Invisible Firewalls?

From Rodney Visser | August 18th, 2009

Adding a traditional, routed hardware firewall to a network usually means major network surgery: a new subnet, new default gateways on the internal clients, and changes to the router or proxy on the other side, each of which is another chance to misconfigure something. The firewall also pays a per-packet (or per-session) cost to route the traffic on top of inspecting it, which limits how deeply it can afford to look at each packet.

Seen through the eyes of an attacker, a routed firewall takes only minimal investigation and enumeration to find: it occupies an IP hop with an address that can be scanned and probed, and from what it passes and what it blocks its rule set or "protection" features can be inferred. Most firewalls operate at layer 3 of the OSI model, so after the rule set has been applied they must still route the packet. What if the inspection process could be simplified? Step down one layer on the OSI model to layer 2 and the device handles frames instead of packets: it forwards them between its ports as a bridge, with no routing, while still reading the IP and TCP/UDP headers inside each frame to make the filtering decision. This type of device is called a transparent (or bridging) firewall.

Most of the benefits of a transparent firewall come from its acting as a bridge. Installing one requires almost no configuration of other devices. You simply drop it inline in front of whatever you want to protect and it filters the traffic that crosses it: no subnetting, no gateway changes, no routing protocols, just the device and the frames.

There are also performance advantages. A bridge does no routing lookup and no TTL handling per packet, so the device's resources go to inspection, and deeper examination of the data is possible without the firewall itself becoming a network bottleneck.

For me, the greatest aspect of this type of device is its ninja-like stealthiness. Its data-path interfaces need no IP address to operate, so the device is virtually unreachable and invisible to the outside world. How do you port scan, firewalk, or cause a denial of service condition on a device that has no network address? (Management normally happens over a separate, out-of-band interface; that one address-bearing port is the part that still needs protecting.)
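As an added example, not part of Rodney's post, here is what that drop-in bridge looks like on a Linux box with nftables, covering both the "no gateway changes" installation described above and the "no IP address" property: two NICs are enslaved to a bridge that never receives an address, and filtering is done in the nftables bridge family, where rules see bridge ports and frames rather than routes. The interface names eth0/eth1, the bridge name br0, the protected host 192.0.2.10 and port 443 are assumptions chosen for illustration; stateful matching in the bridge family also assumes a kernel with nf_conntrack_bridge (Linux 5.3 or later).

```shell
#!/bin/sh
# Added example (not from the original post): a minimal Linux transparent
# firewall. Two physical NICs are enslaved to a bridge that carries no IP
# address, and an nftables ruleset in the "bridge" family filters frames as
# they are forwarded between the two ports. Interface names, the protected
# host's address and the allowed port are assumptions chosen for illustration.
set -eu

OUTSIDE="${OUTSIDE:-eth0}"     # port facing the untrusted network (assumed name)
INSIDE="${INSIDE:-eth1}"       # port facing the protected host (assumed name)
BRIDGE="${BRIDGE:-br0}"
SERVER="${SERVER:-192.0.2.10}" # protected host, RFC 5737 documentation address
SERVICE_PORT="${SERVICE_PORT:-443}"

# Emit the ruleset as text so it can be reviewed before it is loaded.
gen_ruleset() {
    cat <<EOF
flush ruleset
table bridge filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # iifname/oifname in the bridge family name the bridge *ports*,
        # so direction is decided per frame without any routing.
        # Reply traffic: needs nf_conntrack_bridge (Linux 5.3+), assumed here.
        ct state established,related accept
        ct state invalid drop

        # Inbound from the untrusted side: only the published service,
        # and only to the one protected host.
        iifname "$OUTSIDE" oifname "$INSIDE" ip daddr $SERVER tcp dport $SERVICE_PORT ct state new accept

        # Outbound from the protected host: let it initiate what it likes.
        iifname "$INSIDE" oifname "$OUTSIDE" ip saddr $SERVER ct state new accept

        # Everything else (other hosts, other ports, non-IP frames) is dropped
        # by the chain policy.
    }
}
EOF
}

# Build the addressless bridge: the data-path ports get no IP, so there is
# nothing on the wire to scan. Requires root; run the script with "apply".
apply_bridge() {
    ip link add name "$BRIDGE" type bridge
    ip link set dev "$OUTSIDE" master "$BRIDGE"
    ip link set dev "$INSIDE" master "$BRIDGE"
    # The kernel would otherwise give each interface an IPv6 link-local
    # address (fe80::/10), which is an address an attacker could talk to.
    for dev in "$BRIDGE" "$OUTSIDE" "$INSIDE"; do
        sysctl -q -w "net.ipv6.conf.$dev.disable_ipv6=1"
    done
    ip link set dev "$OUTSIDE" up
    ip link set dev "$INSIDE" up
    ip link set dev "$BRIDGE" up
    # deliberately no "ip addr add" on any of the three interfaces
    gen_ruleset | nft -f -
}

# Sanity-check a ruleset for the two properties that matter before loading:
# a default-drop forward hook in the bridge family, and no accept rule that
# is tied neither to connection state nor to a specific port pair.
check_ruleset() {
    rules="$1"
    printf '%s\n' "$rules" | grep -q 'table bridge filter' || return 1
    printf '%s\n' "$rules" | grep -q 'hook forward priority 0; policy drop' || return 1
    printf '%s\n' "$rules" | grep 'accept' | grep -v 'iifname' | grep -qv 'established' && return 1
    return 0
}

case "${1:-}" in
    apply) apply_bridge ;;
    *) gen_ruleset ;;
esac
```

Run with no argument to print the ruleset for review; run as root with `apply` to build the bridge and load it. The `check_ruleset` function encodes the two properties worth verifying on any transparent firewall ruleset: the forward hook defaults to drop, and every accept is conditioned either on connection state or on a specific inbound/outbound port pair.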

Transparent firewalls are excellent security tools when they are used in the right situations. They allow rapid deployment along with deep analysis capabilities, while staying hidden from the outside world.

In my mind, these in-line devices show, on a small scale, several capabilities that tomorrow's network devices will offer on a grand scale.

What do you think?

Rodney Visser