The Futility of Common Firewall Policies
James E. Ries, M.S., NLM Predoctoral Fellow, March 7, 2000



Page 1: The Futility of Common Firewall Policies James E. Ries, M.S. NLM Predoctoral Fellow March 7, 2000


Page 2: Abstract

Many organizations utilize firewalls to protect their networks from being accessed by unauthorized external entities. These same firewalls are also often configured to deny access to certain external services from within the internal network. The latter policy can be subverted through a protocol "tunneling" strategy, which has been implemented as a set of programs called "Firehole". Organizations should be aware of this kind of technology, and should examine their true goals in denying external services to their users.

Page 3: Overview

Introduction and Credits
What are firewalls?
Common firewall policies
What is "Firehole"?
Why did we create Firehole?
Future Directions

Page 4: Overview (cont.)

Conclusions
References

Page 5: Introduction

Information Systems Security is a timely issue (see recent DoS attacks).

Healthcare organizations have especially sensitive information, and thus should pay close attention to security policies.

Controversial (I hope).

Page 6: Credits

"Firehole" project began as a term project for CECS 383.

Development team:
– Jim Ries, M.S., HMI/CECS
– Phil Asaro, M.D., HMI
– Arturo Guillen, CECS
– Jordanka Ivanova, CECS

Page 7: What are firewalls?

Barrier between secure intranet and open Internet.

Barrier may range from impermeable to porous, but is likely at least somewhat porous.

Barrier typically configured to selectively allow in-bound and/or out-bound traffic.

Page 8: What are firewalls? (cont.)

Screening Routers (slide diagram; not reproduced in the transcript)

Page 9: What are firewalls? (cont.)

Proxies (slide diagram; not reproduced in the transcript)

Page 10: Common firewall policies

Allow only connection-oriented traffic which was initiated internally.
– This prevents external entities from accessing internal resources, but allows most client applications to enjoy unrestricted usage.

Page 11: Common firewall policies (cont.)

As above, but also restrict TCP/IP ports (e.g., HTTP [80], Telnet [23], etc.).
– Prevents unknown or "custom" applications from functioning.
– Still allows unfettered internal use for most applications.

Page 12: Common firewall policies (cont.)

As above, but require all traffic to go through a proxy.
– Provides finer control (e.g., URL filtering).
– Facilitates logging (which may give rise to privacy issues).
– Extremely common example is to allow only HTTP traffic through the proxy, thus denying all other applications.

Page 13: Common firewall policies (cont.)

So, why limit internal access to external resources?
– Employees waste time.
  • Isn't this a job performance issue?
– Employees use company resources for personal reasons.
  • Isn't this really a benefit?

Will internal limits do any good anyway?

Page 14: What is "Firehole"?

Combination client and server application which encapsulates arbitrary traffic in HTTP.

Enables arbitrary traffic (e.g., email) to travel through an HTTP proxy.

Requires a server deployed on the open Internet, and a client deployed on the intranet.

Page 15: What is Firehole? (cont.)

Architecture diagram (recovered from the slide's labels): the Client Application (Netscape, Outlook) connects to the FireHole Client on local ports 25 (labelled POP/SMTP in the slide) and 119 (NNTP); the FireHole Client carries that traffic as HTTP on port 80 through the FireWall & Proxy to the FireHole Server, also on port 80; the FireHole Server then connects on port 25 (POP/SMTP) to the Mail Server and on port 119 (NNTP) to the News Server.
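The diagram also shows what a proxy administrator can look for: a tunnel of this kind appears in the proxy log as one internal client sending many small, regularly spaced POST requests to a single external URL, unlike ordinary browsing POSTs (logins, searches) which are irregular and spread across URLs. The following detector is an added example, not part of the original deck or of Firehole; the Squid-style access-log layout, the field positions and the log lines themselves are constructed for the example, and the thresholds are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from statistics import pstdev

# Constructed sample access-log lines (Squid-style layout assumed; not from the original deck):
# <epoch> <elapsed_ms> <client> <result/status> <bytes> <method> <url> <ident> <peer> <type>
SAMPLE_LOG = """\
952430400.100 12 10.0.0.5 TCP_MISS/200 5120 GET http://www.sunworld.com/index.html - DIRECT/192.0.2.10 text/html
952430400.500 40 10.0.0.7 TCP_MISS/200 310 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430401.500 38 10.0.0.7 TCP_MISS/200 298 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430402.500 41 10.0.0.7 TCP_MISS/200 305 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430403.500 39 10.0.0.7 TCP_MISS/200 301 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430404.500 42 10.0.0.7 TCP_MISS/200 299 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430405.500 40 10.0.0.7 TCP_MISS/200 303 POST http://tunnel.example.net/fh - DIRECT/198.51.100.8 application/octet-stream
952430410.000 200 10.0.0.5 TCP_MISS/200 2048 POST http://www.example.com/login - DIRECT/203.0.113.9 text/html
952430450.000 180 10.0.0.5 TCP_MISS/200 1900 POST http://www.example.com/search - DIRECT/203.0.113.9 text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)

def parse(log_text):
    """Yield (timestamp, client, bytes, method, url) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield float(m["ts"]), m["client"], int(m["bytes"]), m["method"], m["url"]

def find_tunnel_candidates(log_text, min_posts=5, max_jitter=0.5, max_bytes=1024):
    """Return (client, url) pairs whose POST traffic looks like a polling tunnel: at least
    min_posts small POSTs (<= max_bytes) to one URL whose inter-request gaps are nearly
    constant (population standard deviation <= max_jitter seconds). Thresholds are assumed."""
    series = defaultdict(list)
    for ts, client, nbytes, method, url in parse(log_text):
        if method == "POST":
            series[(client, url)].append((ts, nbytes))
    flagged = []
    for key, events in sorted(series.items()):
        if len(events) < min_posts:
            continue
        events.sort()
        gaps = [later[0] - earlier[0] for earlier, later in zip(events, events[1:])]
        small = all(n <= max_bytes for _, n in events)
        regular = pstdev(gaps) <= max_jitter
        if small and regular:
            flagged.append(key)
    return flagged
```

The sample flags only 10.0.0.7 talking to one URL once a second; the browsing client 10.0.0.5 is not flagged because its POSTs go to different URLs and are far apart.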

Page 16: (slide content not captured in the transcript)

Page 17: (slide content not captured in the transcript)

Page 18: What is Firehole? (cont.)

Performance (slide content not reproduced in the transcript)

Page 19: Why did we create Firehole?

Make administrators aware of this technology.

Argue for properly motivated access policies.

Aren't you guys really just a bunch of hackers?
– What if we called it an "Email Gateway"?

Page 20: Future Directions

Add encryption.
– Prevents internal "eavesdropping".
– May thus make Firehole useful even for native HTTP traffic.
– Prevents external eavesdropping.

Improve performance.
– Support persistent connections.
– Support anticipated responses.

Page 21: Future Directions (cont.)

Support asynchronous applications through polling (e.g., Telnet).
– Polling raises additional security concerns.

Direct Microsoft Outlook plug-in.
– Seamless client configuration.

Page 22: Future Directions (cont.)

Consider a commercial subscription-based server.
– Provide server on open Internet for an annual fee; give client away.
– Legal issues?

Maybe give the thing away entirely to make our points.

Page 23: Conclusions

Firewalls can block external access to internal resources, and this is appropriate.

Firewalls are often overly restrictive in limiting internal access to external resources.

Page 24: Conclusions (cont.)

Internal access to the Internet in ANY form can be utilized to achieve arbitrary access to the Internet.

Administrators should be aware of this fact, and should consider their motivation for limiting access.

Page 25: References

Firehole home page: http://riesj.hmi.missouri.edu/Firehole/

"Firewalls" by Chapman, Zwicky: http://www.sunworld.com/swol-01-1996/swol-01-firewall.html

Internet Firewalls and Network Security by Siyan, Hare, New Riders Publishing, 1995.