
Network firewalls are under threat due to device security flaws

Cisco and Juniper devices are among those not secure
Wed Apr 13 2011, 15:11

THOSE IN CHARGE of network firewalls should be on high alert, as a report claims that there are major security flaws in some of the most popular devices used today.

Independent security product and certification test firm NSS Labs revealed that five out of six of the most popular network firewall products on the market have serious flaws, following vigorous testing during the first quarter of this year.

Tested were the Check Point Power-1 11065, Cisco ASA 5585, Fortinet Fortigate 3950, Juniper SRX 5800, Palo Alto Networks PA-4020 and Sonicwall NSA E8500.

NSS Labs said that five of the devices had serious flaws "despite the maturity of the market and their certification by two other major certification bodies". Check Point was the only one to stand up to the examination.

There are two major issues affecting firewalls. The first is a stability problem, where an attacker can disrupt communications by sending certain sequences of content to the firewall's external interface, making it crash.

As well as productivity losses, NSS Labs said this could "be a precursor to a larger, more effective penetration of the corporate network". It explained, "Attackers can develop working exploits from these types of code flaws."

The firm added, "The second major issue permits an external attacker to trick the firewall into allowing him inside as a trusted client. This TCP split handshake attack has been publicly known for over a year, and all firewalls should defend against it."

NSS Labs claimed that product certification was often not good enough, as the testing wasn't vigorous enough and didn't reflect the nature of real attacks.

It added, "They are designed, often by vendor consortiums, to demonstrate that products meet a minimum level, rather than necessary level of functionality."

Earlier this year NSS Labs showed The INQUIRER results of its antivirus software tests, which revealed that none of the most popular products on the antivirus market were particularly effective. µ


Comments
Go Job NSS Labs

Pretty crazy the vendors are selling insecure products with paid stamps of approval.

NSS Labs page for Firewall-NGFW

http://www.nsslabs.com/research/network-security/firewall-ngfw/

posted by : NGFW, 14 April 2011
FlipMe--FipYou

Maybe if Cisco wasn't so concerned about their Flip video business this wouldn't be an issue!

posted by : ciscocrap, 13 April 2011