Network Architecture and Security Vulnerabilities
Architecture is the blueprint, the core idea on which any model or application is built. Today we will talk about what is wrong with this aspect of the network, or the internet. This is the second post in the Security Vulnerabilities series.
The internet was never meant to be secure (an echo from the last post), but then we made it big and we made it random.
Imagine an old-time fortress. It had a big wall outside, then a water-filled ditch, and then the fortress itself. Applications and the internet became the same thing with time. When things were still not secure, we placed guards on the fortress wall, like archers who can kill enemies from a distance. But this has big disadvantages:
- If somebody makes a hole in the wall, there is no way to stop him; likewise, if a hacker can bypass a firewall, you can't do anything.
- This disadvantage came with encryption: guards on the fortress wall cannot tell friend from enemy if they wear the same colors, so if encrypted data is coming in, security will fail to recognize whether it is a virus pretending to be useful data.
- If a site is hacked, it is very late by the time you know it actually happened.
Web (in) Security:
Let's take two examples and analyze them quickly.
- We start a telephone company which is automated by computers. We have signals and a control panel. So if you get hold of the signal (control panels are always made secure) and mess with it, you can make free calls… right? Similarly, in web applications code and data (information) are mixed; get hold of the code and you get the data at your doorstep!
- We start a site like Amazon and forget to add checks for negative numbers. As a result, people can order “-3 books”, pay “-150$”, and still get the books delivered to them. (Now that's awesome!!!)
To conclude this post: we start designing well, but then we forget our lessons of software engineering; we forget the concepts. It's really amazing that we have come so far and so good…. I won't say it's so bad, but I would say it could have been a hell of a lot better!
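The missing check from the second example, shown beside a server-side fix. This is an added illustration, not code from the original post; the catalogue, the SKU, the per-line limit and all function names are assumptions made for the example.

```python
from decimal import Decimal

# Constructed catalogue: prices live on the server, never in the request.
CATALOG = {"book-001": Decimal("50.00")}
MAX_QTY_PER_LINE = 100  # assumed business limit for this example


class OrderRejected(ValueError):
    """Raised when a submitted order line fails validation."""


def total_unchecked(items):
    """The flaw from the post: quantity is trusted, so -3 books cost -150."""
    return sum(CATALOG[sku] * int(qty) for sku, qty in items)


def parse_quantity(raw):
    """Accept only a plain positive integer within the per-line limit."""
    if isinstance(raw, bool):  # bool is a subclass of int; reject it explicitly
        raise OrderRejected("quantity must be an integer")
    if isinstance(raw, str):
        raw = raw.strip()
        # Rejects '-3', '1.5', '', non-ASCII digits and absurdly long input.
        if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
            raise OrderRejected(f"quantity not a positive integer: {raw[:20]!r}")
        raw = int(raw)
    if not isinstance(raw, int):
        raise OrderRejected("quantity must be an integer")
    if not 1 <= raw <= MAX_QTY_PER_LINE:
        raise OrderRejected(f"quantity out of range: {raw}")
    return raw


def total_checked(items):
    """Validate every line before any money is computed."""
    if not items:
        raise OrderRejected("empty order")
    total = Decimal("0")
    for sku, qty in items:
        if sku not in CATALOG:
            raise OrderRejected(f"unknown item: {sku!r}")
        total += CATALOG[sku] * parse_quantity(qty)
    if total <= 0:  # defence in depth: a charge is never zero or negative
        raise OrderRejected("non-positive total")
    return total
```

The check belongs on the server: a quantity field restricted only in the browser form can still arrive as any value in the request.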
We have one more post in this series, where I will talk about one new security vulnerability.
Tags: firewalls, firewall_bypass, Security, web_applications
Posted on 23rd March 2007 by Ashish Mohta, a tech blogger who writes about solving day to day problems of people who use computer. He also writes on How to use the applications like Office, PC tips, Online tools, Browsers and more.

Quote: If somebody makes a hole in the wall, there is no way to stop him, so if a hacker can bypass a firewall you can't do anything.
Not quite true. Even if an intruder bypasses your firewall, there are a few things that you can do, like blocking specific ports, but for that you need to know that you’re under attack in the first place, and any intruder smart enough to get around your firewall will probably be smart enough to hide the attack until it’s over.
@Basu: I agree with you to a certain point. But that's not just the only way. There are too many gaps and we add check on check and more security features, which in turn contain more bugs (chances are high). If we could have a secure architecture which would have been updated from time to time, rather than getting patched, it would have been a lot better.
Welcome to technospot.net!!!
I agree with Basu. Specific down the network port that required then the chances attack or hack by hacker is lot…. If your firewall is smart enough, it can acknowledge when the attack occurs on your firewall.
@KM: I agree with you both. Firewalls are pretty safe, but then who configures them? We, right!!! Now if some zero day attack comes up, your firewalls are not smart enough to catch it. All internet security is based on predefined data. If we would have made a smart firewall which was based on intentional hacking, it would have caught even the unknown attacks. Even the anti viruses have the same problem: they are based on signatures, and if you don't have it you can't catch it.
Thanks for the comment