June 4, 2007
Research: 30% Of Firewalls Violate Security Policy
Credit Union Journal
©2008 Credit Union Journal and SourceMedia, Inc. All rights reserved.


SANTA BARBARA, Calif., June 4, 2007 — Almost 30% of firewalls are not providing the protection they are supposed to, according to new research.

"Everyone thinks firewalls are solid," said John Abraham, president of Redspin, which conducted the research and found that nearly 30% of firewalls are failing at their job. "It's the basic assumption you build the rest of your network security on. Unfortunately, that turns out to be a bad assumption. We logged firewall configuration problems during a year's worth of security audits and found that 30% of them violate their organization's own security policy. That's not good."

Firewall configurations consist of Access Control Lists (ACLs), which are strings of configuration code that include network addresses, protocols, and vendor-specific commands. Individual rules may be easy to understand, but as a whole they can be very difficult to read and analyze because they are order-dependent. They are also affected by the firewall's implicit default rules, which affect every other rule but are not shown in the configuration file. Redspin said this can introduce errors in implementation. Many IT administrators typically have wide-ranging responsibilities rather than a network engineering focus and may inadvertently overlook these subtleties, the company said.
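To make the order dependence and the unwritten default concrete, here is an added example (not from the article and not Redspin's CAT) that evaluates a small constructed ACL first-match and flags rules that an earlier rule makes unreachable. The rule format, the sample addresses and the default-deny behaviour are assumptions for illustration; real defaults vary by vendor.

```python
import ipaddress

# Constructed sample ACL in a simplified, hypothetical format (not vendor syntax):
# (action, source network, destination port or None for any port)
ACL = [
    ("permit", "10.0.0.0/8", None),      # broad rule placed first
    ("deny", "10.1.2.0/24", 23),         # meant to block telnet; never reached
    ("permit", "192.168.5.0/24", 443),
]
IMPLICIT_DEFAULT = "deny"  # assumption: unwritten final rule, absent from the file


def covers(broad, narrow):
    """True if rule `broad` matches every packet that rule `narrow` matches."""
    b_net = ipaddress.ip_network(broad[1])
    n_net = ipaddress.ip_network(narrow[1])
    return n_net.subnet_of(b_net) and (broad[2] is None or broad[2] == narrow[2])


def evaluate(acl, src, port):
    """First-match evaluation: the earliest matching rule decides the packet."""
    addr = ipaddress.ip_address(src)
    for index, (action, net, rule_port) in enumerate(acl):
        if addr in ipaddress.ip_network(net) and rule_port in (None, port):
            return action, index
    return IMPLICIT_DEFAULT, None  # no written rule matched


def shadowed_rules(acl):
    """Return (later, earlier) index pairs where an earlier rule with a different
    action fully covers a later rule, so the later rule can never take effect."""
    findings = []
    for later, rule in enumerate(acl):
        for earlier in range(later):
            if covers(acl[earlier], rule) and acl[earlier][0] != rule[0]:
                findings.append((later, earlier))
                break
    return findings


if __name__ == "__main__":
    print(evaluate(ACL, "10.1.2.7", 23))    # decided by rule 0, not the deny rule
    print(evaluate(ACL, "172.16.0.9", 80))  # falls through to the implicit default
    print(shadowed_rules(ACL))
```

Swapping the first two rules changes the verdict for the same packet and clears the finding, which is the kind of ordering subtlety the article says is easy to overlook.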

Pink Floyd may have wanted to "tear down the wall," but Redspin said that is an IT manager's worst nightmare. To help banks and credit unions address these problems, Redspin is introducing a new software tool: the Redspin Firewall Configuration Analysis Tool (CAT), which the company said simplifies and automates the complex problem of auditing firewalls and identifying configuration problems by creating a visual representation of the firewall rules.

Redspin uses CAT as part of its security audits to analyze firewalls for banks and credit unions. In addition, Redspin is making the CAT publicly available at no charge for three months.

© 2007 The Credit Union Journal and SourceMedia, Inc. All Rights Reserved.
