
TRADITIONAL FIREWALLS 

A firewall is typically a device deployed between two networks: a trusted network and an untrusted network. The trusted network is labeled the “inside” network, and the untrusted network is labeled the “outside” network.
 
 
 
The untrusted network in this case is connected to the Internet. This is the typical nomenclature you’ll often see in Cisco and non-Cisco documentation. When firewalls are connected to the Internet, they are often referred to as Internet edge firewalls. A detailed understanding of how firewalls and their related technologies work is extremely important for all network security professionals. This knowledge not only helps you to configure and manage the security of your networks accurately and effectively, but also allows you to gain an understanding of how to enforce policies and achieve network segmentation suitable for your environment.
 

RISKS OF THE OLD, TRADITIONAL FIREWALLS 

If you’re using a traditional firewall to secure DNS, alongside log-file analysis tools, then you’re putting your services and your data in danger.
 
1. There’s a high chance of false positives that lock users and customers out of your systems, because log analysis tools are not real-time. More dangerously, post-incident analysis of the logs may fail to pinpoint the breach, leaving you at significant risk.
 
2. A massive attack can quickly overwhelm systems built around traditional firewalls, especially when the attack is magnified by retries from legitimate users whose queries failed. Because these systems respond slowly, they add risk rather than reducing it.
 
3. A newer class of attacks on DNS servers is slow and can easily be hidden among legitimate traffic, making it very hard to identify and defend against. These attacks include DNS water torture, which uses subtly malformed queries and is therefore hard to spot with traditional tools.
 
4. DNS exfiltration and DNS tunneling tools are now a standard part of attacker toolkits. They may not move data as fast as extracting it over HTTP or FTP, but because most DLP tooling does not track DNS, they are hard to spot until after your data has been stolen.
 
5. Many attacks in this class are new and, as a result, are more likely to rely on zero-days. That means it’s hard to get fixes and updates rolled out to firewalls in time to avoid compromise.
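The third and fourth risks above (slow random-subdomain floods that produce NXDOMAIN responses, and long high-entropy labels that carry tunneled or exfiltrated data) are exactly the patterns a real-time DNS log triage should look for. The script below is an added example, not code from the original article or its author. It assumes a simplified, constructed log format of `<timestamp> <client_ip> <qname> <rcode>` per line, and its thresholds (NXDOMAIN ratio, label length, entropy) are illustrative assumptions that would need tuning against a real resolver's baseline.

```python
"""Heuristic per-client DNS log triage for random-subdomain floods and
high-entropy (tunneling/exfiltration-like) labels.

Added example; the log format and thresholds are assumptions, not values
taken from the article.
"""
import math
from collections import defaultdict

# Constructed sample log lines (format: "<timestamp> <client_ip> <qname> <rcode>"):
# 10.0.0.5 is a normal client, 10.0.0.7 drives random-subdomain lookups that
# mostly return NXDOMAIN, and 10.0.0.9 sends long high-entropy first labels.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com NOERROR
1700000001 10.0.0.5 mail.example.com NOERROR
1700000002 10.0.0.5 cdn.example.com NOERROR
1700000003 10.0.0.7 a1b2c3.example.com NXDOMAIN
1700000004 10.0.0.7 zz91kq.example.com NXDOMAIN
1700000005 10.0.0.7 p0o9i8.example.com NXDOMAIN
1700000006 10.0.0.7 lkjhgf.example.com NXDOMAIN
1700000007 10.0.0.7 qwerty.example.com NOERROR
1700000008 10.0.0.9 4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b7c6d5e.tun.example.net NOERROR
1700000009 10.0.0.9 9f8e7d6c5b4a39281706f5e4d3c2b1a0ffeeddcc.tun.example.net NOERROR
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Yield (client, qname, rcode) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing on them
        _, client, qname, rcode = parts
        yield client, qname.lower(), rcode


def triage(text: str, nx_ratio=0.5, min_queries=4, label_len=30, entropy_bits=3.5):
    """Return {client: [reasons]} for clients whose DNS behaviour looks suspicious.

    nx_ratio / min_queries: flag a client once enough of its queries fail
    with NXDOMAIN (random-subdomain flood pattern).
    label_len / entropy_bits: flag any first label that is both long and
    high-entropy (tunneling / exfiltration pattern). All are assumed thresholds.
    """
    per_client = defaultdict(lambda: {"total": 0, "nx": 0, "odd_labels": 0})
    for client, qname, rcode in parse_log(text):
        stats = per_client[client]
        stats["total"] += 1
        if rcode == "NXDOMAIN":
            stats["nx"] += 1
        first_label = qname.split(".")[0]
        if len(first_label) >= label_len and shannon_entropy(first_label) >= entropy_bits:
            stats["odd_labels"] += 1

    findings = {}
    for client, s in per_client.items():
        reasons = []
        if s["total"] >= min_queries and s["nx"] / s["total"] >= nx_ratio:
            reasons.append("high NXDOMAIN ratio (random-subdomain flood pattern)")
        if s["odd_labels"] > 0:
            reasons.append("long high-entropy labels (tunneling/exfiltration pattern)")
        if reasons:
            findings[client] = reasons
    return findings


if __name__ == "__main__":
    for client, reasons in triage(SAMPLE_LOG).items():
        print(client, "->", "; ".join(reasons))
```

Run stand-alone, the script flags 10.0.0.7 for its NXDOMAIN ratio and 10.0.0.9 for its high-entropy labels while leaving the normal client alone. The point of keeping the statistics per client and streaming over the log is that the same logic can be fed live resolver logs rather than run after the fact, which is the gap the first risk in the list describes; in production the thresholds would be set from the resolver's own baseline and the findings would feed an alert rather than a print.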
 

This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
