Security Sage's Guide to Hardening the Network Infrastructure

As you read in Chapter 3, Selecting the Correct Firewall, the concept and underlying technologies of firewalls have changed dramatically over the years. In like manner, the way in which attackers prey on networks and the techniques they use have also matured. In previous years, the concept of sharing information or allowing Web services into your network was as foreign a concept as the Anaheim Angels winning the baseball World Series. The firewall policies of old lacked the complexity and intricacies of modern business. Generally, these policies consisted of only a Drop-All rule that prevented any incoming traffic from the Internet, or your perimeter. This left the firewall itself as the only attack vector available. From an attacker's perspective, this meant that we had to manipulate or subvert the firewall before we could make a move on any of the internal systems or resources.
As time marched on, companies began to offer services to the Internet at large. While not as sexy or complicated as some of the policies in recent times, the services were typically opened by allowing functions such as Web, mail, and DNS. Attackers now had multiple attack vectors at their disposal (Web, mail, or DNS servers) and didn't have to focus primarily on compromising the firewall as the main point of entry. Even when we could successfully compromise the internal servers, we still needed other points of entry into the network, prompting us to attack the firewall from the inside out.
Fast forward a few more...