2

I had this discussion with a friend of mine who is a Windows sysadmin. He told me that for his company's IT security, he is only doing updates on the Windows server.

But apart from these system updates, which prevent any code injection and are not related to intrusion itself, he is only counting on the firewall's capabilities to prevent intrusion.

So far, he has not had any massive intrusion from the outside world as far as I know (or maybe he is good at shielding info from me, although I doubt it).

My question is the following: Is it a sound strategy to rely on firewalls to prevent intrusion? From my early experience, having a DMZ or a proxy or one or the other is a must...

Any insights are more than welcome.

Cheers

Andy K
  • Probably a bit broad to get good answers - if it's a network of a server and some thin clients, making sure the server runs an AV and closing all incoming traffic might work. If you're running anything that intentionally comes into the network, it should probably be segregated from any sensitive internal data. – Matthew Mar 31 '16 at 19:30
  • Hi @Matthew, your answer would be a good fit for my question. – Andy K Mar 31 '16 at 19:34
  • You are mentioning SQL injections, which are not a problem related to the IP layer. Firewalls block IP traffic based on rules. Please clarify your question. Firewalls are a good way to secure a machine and minimize impact in case of a breach, but that does not mean the applications allowed by the firewall should not be secure. SQL injections will not be vetted without deep packet inspection and should be taken care of at the application layer. – Tobi Nary Mar 31 '16 at 19:35
  • Hi @SmokeDispenser, I amended my question. Sorry for the confusion. – Andy K Mar 31 '16 at 19:42

1 Answer

2

This is definitely not enough. Avoiding the huge discussion of the differences between traditional firewalls, next-gen firewalls, and web application firewalls (WAFs), none of these devices offers 100% protection. I'd go so far as to say that even if you had all of them (which your friend probably doesn't), there will always be a decent number of well-known attacks that can easily reach your applications and databases. Add to that the number of WAF-bypass tools and attacks against any application customizations or business logic, and your friend's strategy looks really ugly. Attacks are definitely getting through your friend's defenses; he/she just has no way to see them.

Trey Blalock
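To make the point of the answer and of Tobi Nary's comment concrete, here is an added example that is not part of the original thread. It models a traditional firewall as a toy rule table that only looks at protocol and destination port (the `Rule` class, `RULES`, and `firewall_decision` are assumptions for the illustration), then runs the request that this filter admits against a login query built by string concatenation next to the same query with bound parameters. The SQLite database and the attacker input are constructed inline, so it runs offline.

```python
"""Added example: a port-based firewall check next to a SQL injection.

The 'firewall' is a toy stateless rule table that inspects only protocol and
destination port, the way a traditional packet filter does.  The HTTP request
it admits carries a SQL injection that only the application layer can stop.
Rule set, users table and attacker input are all constructed for this demo.
"""
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    proto: str       # "tcp" or "udp"
    dst_port: int


# Constructed rule set: inbound HTTP/HTTPS allowed, everything else dropped.
RULES = [Rule("allow", "tcp", 80), Rule("allow", "tcp", 443)]


def firewall_decision(proto: str, dst_port: int, rules=RULES) -> str:
    """L3/L4 filter: first matching rule wins, default deny.

    Nothing about the payload is examined, so a request carrying a SQL
    injection is indistinguishable from a benign one at this layer.
    """
    for rule in rules:
        if rule.proto == proto and rule.dst_port == dst_port:
            return rule.action
    return "deny"


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """String concatenation: attacker input becomes SQL syntax."""
    sql = (
        "SELECT username, role FROM users WHERE username = '%s' "
        "AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Bound parameters: the input is only ever data, never SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Constructed attacker input, as it would arrive in a POST body on port 443.
# In the concatenated query it turns the WHERE clause into
#   username = '' OR '1'='1' AND password = '' OR '1'='1'
# which is true for every row.
INJECTION = "' OR '1'='1"


def demo() -> dict:
    """Run the admitted request against both query styles."""
    conn = make_db()
    return {
        "firewall": firewall_decision("tcp", 443),       # "allow": packet passes
        "vulnerable": login_vulnerable(conn, INJECTION, INJECTION),
        "parameterized": login_parameterized(conn, INJECTION, INJECTION),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The firewall returns "allow" for the request because port 443 is open, the concatenated query returns every user (including the admin account) without a valid password, and the parameterized query returns nothing. Patching the server and filtering ports does not change that outcome; only the application code does.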