Attacks On Insecure Pre-Installed Components; Inexperienced Users On Protected Networks; Data-Driven Network Attacks - D-Link DFL-1600 User Manual


3.2. What does a Firewall NOT protect against?
3.2.1 Attacks on Insecure pre-installed Components

A very common problem is that operating systems and applications
usually contain insecure pre-installed components. Such components
include undocumented services present on computers connected to the
Internet, allowing inbound external network connections. One example of
this form of vulnerability is the "simplifying" components that allow direct
ODBC access via HTTP in web servers.

The common feature of most of these components is that they are not
intended for use on a public network, where intruders can utilize the extra
functionality at hand to easily break into the system. However, modern
systems are frequently supplied with such components pre-installed in order
to make the system easier to use.

A good precaution to take is to review all Internet-connected systems,
clients and servers, and remove all unnecessary functionality.
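
The review recommended above can start from each system's list of listening sockets. The following is an added example, not part of the D-Link manual: it parses Linux `ss -H -tlnp` output and reports services that accept connections from other hosts but are not on an allowlist. The sample output and the ALLOWED_PORTS policy are constructed assumptions.

```python
import ipaddress

# Constructed sample of `ss -H -tlnp` output (not taken from the manual).
SAMPLE_SS = """\
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 128  [::]:22        [::]:*     users:(("sshd",pid=812,fd=4))
LISTEN 0 511  *:80           *:*        users:(("apache2",pid=1001,fd=4))
LISTEN 0 5    127.0.0.1:631  0.0.0.0:*  users:(("cupsd",pid=640,fd=7))
LISTEN 0 5    [::1]:631      [::]:*     users:(("cupsd",pid=640,fd=6))
LISTEN 0 4096 0.0.0.0:111    0.0.0.0:*  users:(("rpcbind",pid=510,fd=4))
LISTEN 0 50   *:8080         *:*        users:(("java",pid=2210,fd=12))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# Assumed policy: the only TCP services this host is meant to offer.
ALLOWED_PORTS = {22, 80}

def parse_listener(line):
    """Return (address, port, process) for one LISTEN line, else None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    addr = addr.split("%")[0].strip("[]")  # drop %iface scope, IPv6 brackets
    # The process column is only shown to privileged users.
    proc = fields[5].split('"')[1] if len(fields) > 5 and '"' in fields[5] else "unknown"
    return addr, int(port), proc

def is_loopback(addr):
    """True only for addresses unreachable from other hosts."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # "*" wildcard or unparsable: treat as exposed
        return False

def unexpected_listeners(ss_output, allowed_ports):
    """Sorted (port, process) pairs reachable off-host and not allowed."""
    findings = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in allowed_ports:
            findings.add((parsed[1], parsed[2]))
    return sorted(findings)

if __name__ == "__main__":
    for port, proc in unexpected_listeners(SAMPLE_SS, ALLOWED_PORTS):
        print(f"review: port {port} ({proc}) accepts external connections")
```

Each reported entry is a candidate for removal or for rebinding to the loopback address; the firewall's rule set does not change what the host itself exposes to its own network segment.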

3.2.2 Inexperienced Users on protected Networks

No firewall in the world can protect against the damage that inexperienced
users can do to a protected network.

If they "assist" an intruder in one way or another, e.g. by opening an
unrecognized program sent to them by email such as "merryxmas2001.exe",
they can do more damage than all the bugs in applications and operating
systems put together.

All attempts to secure the networks of an organization should be preceded
by a thorough investigation of what should and should not be permitted.
The result of this should be a security policy that applies to all parts of the
organization, from management down. In order for such a policy to work,
all users must be made aware of this policy and why it must be enforced.

3.2.3 Data-Driven Network Attacks

Normally, a firewall will only protect a system against data-driven attacks
in exceptional circumstances. Such attacks include:

- HTML pages containing JavaScript or Java that attack the network
  "from the inside" when the page is viewed in a browser or e-mail
  program. The only possible protection against this sort of attack,

D-Link Firewalls User's Guide