ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

OPINION: A firewall can't do it all

July 30, 1999
Web posted at: 11:52 a.m. EDT (1552 GMT)

by Scott Bradner, Network World Fusion columnist

From...
Network World Fusion

(IDG) -- A few months ago, I put a new 10G-byte disk drive in my Macintosh 2400 laptop. That expanded the original capacity of the computer to the point where I could carry the basic business data for much of Harvard wherever I went - if I had a mind to do that and if the university was dumb enough to let me do it. Sounds unlikely, but all too many businesses let their traveling executives do things that are just about that dumb.
MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Network World Fusion home page
  Free Network World Fusion newsletters
 Reviews & in-depth info at IDG.net
 *   IDG.net's bridges & routers page
  IDG.net's hubs & switches page
 *   IDG.net's network operating systems page
  IDG.net's network management software page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for network experts
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

Businesses spend tens of thousands of dollars to install and operate firewalls to protect their corporate secrets from Internet intruders. But in doing so, too many seem to think that installing the firewall somehow magically makes all security problems disappear. There are a number of reasons why this borders on self delusion.

Every study that looks at the perpetrators of effective (if that is a reasonable word to use) network-based intrusion shows the majority are insiders, or outsiders working with inside help. Because firewalls do not keep out people who are already inside, they are of limited assistance in these cases.

Installing firewalls also tends to make users and sometimes network managers so complacent that they forget the basics of good network security, such as using good passwords or physical token-based authentication.

This does not mean organizations should forego the use of firewalls, but it does mean they should not assume firewalls are some sort of magic pill that cures stupidity.

Firewalls certainly do not cure the stupidity of corporate executives carrying piles of corporate and often private secrets in plain-text files on their laptops and palmtops. A lot of information tends to pile up on these machines: copies of old e-mail, spreadsheets of budgets, proposals for changing corporate direction or for new products, even auto-logon scripts for dialing in when on the road.

There might be more effective ways to find out what is going on in a corporation than to steal the CEO's laptop, but it would take me a while to think of one.

For a while there have been products around to keep laptops from booting without entering a password, plugin card or serial port attachment, but these can be circumvented by moving the disk drive to another computer.

There is also software that lets the user encrypt files on the disk, but the reliability of this software depends on the reliability of the user taking the time and trouble to do the encryption every time - and not writing the password on the laptop case.

The only safe ways to carry corporate secrets on a laptop is to not do so or encrypt the whole disk, and there are products to perform that function. In the end, it is cheaper to lose the data due to a forgotten password than reveal the secrets to the wrong person.

Disclaimer: Harvard's business is not curing stupidity, it is nurturing intelligence. The above is my own too-full disk.

Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@harvard.edu.


RELATED STORIES:
Your own private Internet
July 22, 1999
Free utility guards against spyware
July 20, 1999
Extranet management technology matures beyond the firewall
July 19, 1999

RELATED IDG.net STORIES:
What do you think? Join the forum!
(Network World Fusion)
Network-1 pitches mini-firewall
(Network World Fusion)
Hot firewalls find new niches
(Network World Fusion)
OPINION: OK, so maybe firewalls aren't all bad
(Network World Fusion)
All-in-one security appliances
(Network World Fusion)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
Firewalls Mailing List
4Firewalls -- A guide to firewalls
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.