The Three Myths of Firewalls

Bob Blakley, a Security Architect at IBM, coined the following "Three Myths of Firewalls". His "Three Myths" is one of the most succinct ways I've found of explaining why cryptographic techniques such as those used by Kerberos are far superior when compared to stopgap attempts that Firewalls represent.

1. We've got the place surrounded.

Firewalls make the assumption that the only way in or out of a corporate network is through the firewalls; that there are no "back doors" to your network. In practice, this is rarely the case, especially for a network which spans a large enterprise. Users may set up their own back doors, using modems, terminal servers, or programs such as "PC Anywhere" so that they can work from home. The more inconvenient a firewall is to your user community, the more likely someone will set up their own "back door" channel to their machine, thus bypassing your firewall.

Related to this problem is the observation that in research or academic communities (and sometimes in corporate environments as well!), researchers, professors, or engineers may demand so many exceptions to the firewall policy so that they can communicate with their collaborators at other research sites or universities that you might as well not have the firewall.

2. Nobody here but us chickens.

Firewalls make the assumption that all of the bad guys are on the outside of the firewall, and everyone on the inside of the firewall can be considered trustworthy. This neglects the large number of corporate computer crimes which are committed by insiders.

Of course, in academic institutions, the assumption that the "bad guys" are always on the outside is often laughable. We have often observed that there's nothing quite so dangerous as a bored MIT student.

3. Sticks and Stones may break my bones, but words will never hurt me.

This myth may also be restated as "Sticks and Stones may break my bones, but Word (tm) will never hurt me." Newly evolving systems are blurring the lines between data and executables more and more. With the advent of Word macros, JavaScript, Java, and other forms of executable fragments which can be embedded inside data, a security model which neglects this will leave you wide open to a wide range of attacks.

$Id: firewalls.html,v 1.7 2003/07/17 22:11:36 tlyu Exp $