Redspin In The News
June 4, 2007
Research: 30% Of Firewalls Violate Security Policy
Credit Union Journal
©2008 Credit Union Journal and SourceMedia, Inc. All rights reserved.
SANTA BARBARA, Calif., June 4, 2007 — Almost 30% of firewalls are not providing the protection they are supposed to, according to new research.
"Everyone thinks firewalls are solid," said John Abraham, president of Redspin, which conducted the research and found that nearly 30% of firewalls are failing at their job. "It's the basic assumption you build the rest of your network security on. Unfortunately, that turns out to be a bad assumption. We logged firewall configuration problems during a year's worth of security audits and found that 30% of them violate their organization's own security policy. That's not good."
Firewall configurations consist of Access Control Lists (ACLs), which are strings of configuration code that include network addresses, protocols, and vendor-specific commands. Individual entries may be easy to understand, but the list as a whole can be very difficult to read and analyze because it is order-dependent. ACLs are also subject to the firewall's implicit default rules, which affect every other rule but are not shown in the configuration file. Redspin said this can introduce errors in implementation. Many IT administrators have wide-ranging responsibilities rather than a network engineering focus and may inadvertently overlook these subtleties, the company said.
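The order dependence and hidden default described above, shown as an added example (not from the article and not Redspin's CAT tool): a first-match evaluator over a constructed, vendor-neutral rule list, with a check for rules that an earlier rule makes unreachable. The rule format, the function names and the deny default are assumptions for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source network in CIDR form
    port: Optional[int]  # destination port, None means any port

# Constructed ACL in a simplified, vendor-neutral form (not real device syntax).
ACL = [
    Rule("permit", "tcp", "10.0.0.0/8", None),  # broad permit placed first
    Rule("deny", "tcp", "10.1.2.0/24", 23),     # meant to block telnet from one subnet
    Rule("permit", "tcp", "0.0.0.0/0", 443),
]
# Assumed implicit default: applies when nothing matches, never listed in the config.
IMPLICIT_DEFAULT = "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet that matches b also matches a."""
    return (a.proto in ("any", b.proto)
            and ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
            and (a.port is None or a.port == b.port))

def evaluate(acl, proto, src_ip, port):
    """First-match evaluation: returns (action, index of the matching rule or None)."""
    addr = ipaddress.ip_address(src_ip)
    for i, r in enumerate(acl):
        if (r.proto in ("any", proto)
                and addr in ipaddress.ip_network(r.src)
                and (r.port is None or r.port == port)):
            return r.action, i
    return IMPLICIT_DEFAULT, None

def shadowed(acl):
    """Rules fully covered by an earlier rule, so they never fire: (later, earlier) index pairs."""
    pairs = []
    for j, later in enumerate(acl):
        for i in range(j):
            if covers(acl[i], later):
                pairs.append((j, i))
                break
    return pairs

if __name__ == "__main__":
    print(evaluate(ACL, "tcp", "10.1.2.5", 23))   # telnet from the "blocked" subnet
    print(shadowed(ACL))                          # the deny rule is unreachable
    print(evaluate(ACL, "udp", "192.0.2.1", 53))  # falls through to the implicit default
```

Each rule reads correctly on its own, yet the telnet deny never takes effect because of where it sits in the list; moving it above the broad permit changes the result without changing any rule text.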
Pink Floyd may have wanted to "tear down the wall," but Redspin said that is an IT manager's worst nightmare. To help banks and credit unions address these problems, Redspin is introducing a new software tool: the Redspin Firewall Configuration Analysis Tool (CAT), which the company said simplifies and automates the complex problem of auditing firewalls and identifying configuration problems by creating a visual representation of the firewall rules.
Redspin uses CAT as part of its security audits to analyze firewalls for banks and credit unions. In addition, Redspin is making the CAT publicly available at no charge for three months.
© 2007 The Credit Union Journal and SourceMedia, Inc. All Rights Reserved.