SOHO Firewalls Are Not Safe
It's one thing to rush an application to market without thinking about security. It's another to rush a security application to market. But that's what has happened with several SOHO firewalls -- a product category that was a virtual nonentity a year ago but is now standard fare for anyone on a broadband connection, including telecommuters and mobile users.
SOHO firewalls are designed to block suspicious incoming and outgoing traffic on a client machine or even block an application from using the Internet altogether. It's an important job, since broadband connections are always on and, hence, easy prey for hacker programs that can sniff out their IP addresses. But many of these SOHO firewalls have a design that's easy to compromise with just a few lines of code.
Basically, the hack exploits known behaviors of these products. Since SOHO firewalls identify traffic by port number and application name, all a hacker has to do is rename a virus or Trojan horse to the name of an application that end users have likely already permitted to access the Internet.
For example, a hacker could rename a rogue file to iexplore.exe, an app name that is not likely to be barred from using the Web. If, in fact, the end user had set his or her firewall to allow that application to access the Internet, the bad file is allowed in.
Everyone is on the SOHO firewall bandwagon, and hardly anyone is doing it right. A Trojan comes along and calls itself a basic application like netscape.exe, and it's in. This is not some future problem once the bad guys notice. These Trojans exist.
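The weakness described above is that the firewall keys its permission on the executable's file name alone. The following is an added illustration, not code from any of the products mentioned: it contrasts a name-only rule with one that also records a hash of the executable image when the user first grants permission, so a renamed or replaced binary is blocked instead of inheriting the rule. The "binaries" are constructed byte strings, not real executables.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample executable images (placeholders, not real binaries).
GENUINE_BROWSER = b"MZ...genuine browser image (constructed)"
ROGUE_RENAMED = b"MZ...trojan renamed to iexplore.exe (constructed)"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Process:
    exe_name: str   # file name the process runs under
    image: bytes    # bytes of the executable on disk


def allowed_by_name(proc: Process, allowed_names: set[str]) -> bool:
    """Weak rule, as in the firewalls discussed: a process is trusted if its
    file name is on the allow list. A renamed Trojan passes this check."""
    return proc.exe_name.lower() in allowed_names


def grant(rules: dict[str, str], proc: Process) -> None:
    """Record a rule the way a stronger firewall should: remember the hash of
    the image the user actually approved, not just the name."""
    rules[proc.exe_name.lower()] = sha256(proc.image)


def decide(rules: dict[str, str], proc: Process) -> str:
    """Return 'allow', 'prompt-new-app' or 'block-changed-binary'."""
    expected = rules.get(proc.exe_name.lower())
    if expected is None:
        return "prompt-new-app"          # never seen: ask the user
    if expected != sha256(proc.image):
        return "block-changed-binary"    # same name, different file
    return "allow"


if __name__ == "__main__":
    rules: dict[str, str] = {}
    grant(rules, Process("iexplore.exe", GENUINE_BROWSER))
    for p in (Process("iexplore.exe", GENUINE_BROWSER),
              Process("iexplore.exe", ROGUE_RENAMED)):
        print(p.exe_name, allowed_by_name(p, {"iexplore.exe"}), decide(rules, p))
```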
Hopefully, publicizing this kind of hole will tighten companies' security measures quickly. Something this simple is scary. If you have persistent connections popping up everywhere, you don't want them to go unchecked.
Other problems are born out of the rush to get products to market. For example, the default settings of Sygate Technologies' firewall leave individual programs open to the Internet until users choose to disable access. Symantec Corp., in an effort to make its product more user-friendly, has a list of applications that automatically get permission to access the Internet so users aren't even presented with the choice. Some products, such as BlackIce Defender from Network Ice Corp., don't yet offer the ability to block outgoing transmissions to the Internet from a client machine when the client acts as a server.
Both points are valid. These firewalls were rushed to market and are poorly designed. Version 1 of these things is not a 100 percent solution; they are more like an 80 percent solution. But business is business. Everyone saw a SOHO firewall out there, and they all had to have one. Most of these offerings have to get much better in their next revision.
While some of the technical vulnerabilities likely will go away in later versions of the products, there is a psychological aspect to the problem. IT managers put an inherent amount of trust in security products, which actually can leave them vulnerable when the products show weaknesses such as these.
Since it is security, a tendency exists to think, "I can set it and forget it." That's asking for trouble. The number of telecommuters using broadband is increasing. In 2002, unfortunately, that means home machines will get trashed. Or they will be the dupes that allow a hacker into a SOHO network.