D-Link DFL-1600 User Manual page 32

12
apart from better written software, is to disable such services or
limiting surfing to less sensitive computers.
HTML pages that link in the contents of local files when they are
opened without scripts. Such pages can, often with the help of
unsuspecting local users who are lured into "helping" the page by
clicking on a button, send the linked file onwards to an unknown
Internet server.
Documents sent by email that contain hostile scripts which are
activated once the document is opened. Possible ways to protect your
system against this form of attack include avoiding using
browser-based email software or disabling scripting and introducing
mail gateways that can block scripts and other executable code.
Buffer overruns, which firewalls only rarely provide protection against.
Buffer overruns can occur in any application, with a net result of
intruders being able to coax protected computers into executing any
command. Here, the only solution is to ensure that only well-written
applications, which are specifically designed to be immune to this
form of attack are installed and used. Unfortunately, most current
software is not written with this problem in mind. At the time of
writing, we are of the opinion that this poses the greatest technical
threat of all forms of network-based attack, as almost all software is
susceptible to buffer overruns.
Viruses and Trojan horses. A firewall can of course be connected to
virus scanners, mail gateways and other similar devices in order to
increase security, but it should be noted that the fundamental
functionality of a firewall does not normally provide such protection.
Even if the firewall is connected to a virus scanner, it is possible that
attacking viruses could be so well hidden that the scanner would be
unable to detect them. In addition, a virus scanner can only detect
viruses it recognizes. If somebody designs a virus specifically for
attacking your systems or those of a small group of people, or if the
trojan or virus in question has not been in circulation long enough for
it to become well known, the virus scanner will not recognize it.
At present, the most common targets for data-driven attacks are:
Public servers such as mail servers, DNS servers and web servers.
Web servers are clearly over-represented in this category due to their
enormous complexity.
D-Link Firewalls User's Guide
Chapter 3. Firewall Principles