Firewall Wizards mailing list archives

Re: Firewall administration.

From: Rik Farrow <rik () spirit com>
Date: Fri, 3 Oct 1997 11:56:39 -0700 (MST)

Firewalls are intended to be security devices, and are supposed to
help keep networks safe.  What I find disturbing is the most popular
firewall products are actually designed in an unsafe manner.  That
is, the person configuring the firewall is encouraged to do the wrong
thing.

I have come up with what I call Farrow's corrolary to Murphy's law:
good designs are difficult or impossible to use in an unsafe manner.
Let's look at an example which has nothing to do with firewalls, but
does provide an excellent example of unsafe design.  

In the fifties, one large car manufacturer designed car door handles
which locked if you pressed them down, and unlocked and opened when
pulled up.  A competing manufacturer inverted the design:  by pressing
down on the handle, the door unlocked then unlatched, and pulling up
on the handle locked the door.

In the fifties, only race car drivers wore seatbelts.  Ordinary car
passengers were considered lucky if they were thrown clear (well,
through the windshield) in case of a collision.  Children rode in
the back seat, a wide, featureless, bench, and could be rolled from
side to side when going around corners.  In cars with the second 
design, it was common for the kiddies to fall against the door, press
down on the handle (opening the door), and fall out of the turning car.
The door design, which unlocks and opens when someone depresses 
(or falls against it), is a good example of an inherently unsafe
design.

Now for firewalls.  Many firewall products include point-and-click
support for passing dangerous services through the firewall.  By
Farrow's corrolary, these firewalls are designed unsafely--it is easy,
even trivial, to do the wrong thing.  Given the public's general
belief that having a firewall "makes their network safe", firewalls
providing an interface which makes DOING THE WRONG THING EASY should
be avoided.

While having a GUI is not necessarily evil in itself, having any
interface which makes it easy to configure a firewall in an unsafe
manner is evil...

Rik Farrow
rik () spirit com

Current thread:

Re: Firewall administration. Anton J Aylward (Oct 01)
- Re: Firewall administration. Rick Smith (Oct 03)
- <Possible follow-ups>
- Re: Firewall administration. Rik Farrow (Oct 03)
  - Re: Firewall administration and thoughts cont. Mark Teicher (Oct 04)
    - Interface (was Firewall administration and thoughts) David Collier-Brown (Oct 06)
    - Re: Interface (was Firewall administration and thoughts) Mark Teicher (Oct 06)
- Re: Firewall administration. Anton J Aylward (Oct 04)
  - Re: Firewall administration. Rick Smith (Oct 09)
    - Re: Firewall administration. Bennett Todd (Oct 09)
    - firewall configurator Was: Firewall administration. Magossa'nyi A'rpa'd (Oct 10)
    - Re: firewall configurator Was: Firewall administration. -= ArkanoiD =- (Oct 11)
    - Re: firewall configurator Was: Firewall administration. Magossa'nyi A'rpa'd (Oct 12)
- RE: Firewall administration. Gary Crumrine (Oct 06)

(Thread continues...)