
New Member

secure the network from hackers

Is it possible to break the software firewall and access my server?

1 REPLY
Cisco Employee

Re: secure the network from hackers

Your question is very general and can be difficult to answer. More specifics as to your concerns and situation would help in trying to answer your question.

Here are some specific examples of what you might want to know:

1) Can a hacker attack my web server if my firewall is allowing HTTP traffic to the web server?

Answer: Yes, most Firewalls allow/permit the web traffic without analyzing the contents of the web requests. Some web servers have vulnerabilities that can be exploited through web requests. Most of these are formatted in such a way that they cause the cgi script being accessed to create an error condition, and in some cases this error condition can allow the attacker to execute other commands on the web server and gain access to the operating system.

Intrusion Detection Systems were developed to analyze the network traffic in order to detect attacks such as these. So when the attacker tries to attack the web server, the Intrusion Detection Sensor analyzes the web request and determines that it is an attempt to exploit a vulnerability of the server. The IDS will then generate an alarm, and can even be configured to block the connection at the Firewall or a perimeter router.

2) In the above example the attacker is using a protocol (and/or port) that I configured the Firewall to allow through, but what about an attacker trying to get through the Firewall using a protocol (and/or port) that I am filtering at the Firewall?

Answer: If the Firewall is configured properly and does not contain a bug then the Firewall should stop the attack. But be aware that Firewalls can sometimes be misconfigured, or may be reconfigured without the primary security personnel being notified.

(There have also been rare cases where Firewalls have had software bugs which allowed traffic that users thought should have been stopped by the Firewall. I have not heard of many and cannot think of any specific examples. If a hacker were to find out about any bugs then he/she may be able to "break" the Firewall and gain access, but once again I cannot remember a specific example.)

In both of the above situations it can help to use an Intrusion Detection System to alert you to the fact that traffic which you believe should have been stopped at the Firewall is being allowed through. Then hopefully you can reconfigure the Firewall before an attack is allowed through.

(Or if it is a software bug you could upgrade to a higher version where hopefully the bug was fixed.)

So it is possible for an attacker to access your server through a Firewall. It was for that reason that Intrusion Detection System products have been developed, and the market for IDS has grown over the last few years. An IDS is an excellent supplement to existing Firewall deployments to further strengthen security.
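What the reply describes in both of its examples, as an added illustration that is not part of the original post or of any Cisco product: a small sensor that inspects web requests from constructed access-log lines for the kind of malformed CGI input that triggers error conditions, raises an alert per match, decides which sources to hand to the firewall for blocking, and (for the second case) flags flows that reached the server on ports the firewall policy is supposed to filter. The log lines, signature set and port policy are all constructed for the example.

```python
import re
from collections import Counter

# Constructed Common Log Format lines (not from the original post); the .cgi
# requests carry the kinds of malformed input the reply describes.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
198.51.100.7 - - [10/Oct/2000:13:55:40 -0700] "GET /cgi-bin/search.cgi?q=../../../../etc/passwd HTTP/1.0" 404 210
203.0.113.9 - - [10/Oct/2000:13:56:12 -0700] "GET /cgi-bin/test.cgi?cmd=;id HTTP/1.0" 500 0
198.51.100.7 - - [10/Oct/2000:13:56:30 -0700] "GET /cgi-bin/form.cgi?name=x%0a/bin/ls HTTP/1.0" 500 0
203.0.113.5 - - [10/Oct/2000:13:57:02 -0700] "GET /cgi-bin/view.cgi?file=report.txt HTTP/1.0" 200 881
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})')

# Signature set (constructed, illustrative): each names one way a request is
# malformed to push a CGI script into an error or command-execution path.
SIGNATURES = {
    "path-traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.I),
    "shell-metachar-in-cgi-query": re.compile(r"/cgi-bin/[^?]*\?.*(%0a|%0d|[;|`])", re.I),
    "sensitive-file-reference": re.compile(r"/etc/(passwd|shadow)", re.I),
}


def analyze_requests(log_text):
    """IDS-style inspection: one alert per (request, matched signature)."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sensor
        for name, pattern in SIGNATURES.items():
            if pattern.search(m.group("uri")):
                alerts.append({"ip": m.group("ip"), "uri": m.group("uri"), "signature": name})
    return alerts


def sources_to_block(alerts, threshold=2):
    """Sources with at least `threshold` alerts: what the sensor would hand to
    the firewall or perimeter router to block (the threshold limits false positives)."""
    counts = Counter(a["ip"] for a in alerts)
    return {ip for ip, n in counts.items() if n >= threshold}


def flows_that_should_have_been_filtered(flows, allowed_ports):
    """Second case in the reply: flows that reached the server on ports the
    firewall policy says it filters, i.e. evidence of misconfiguration or a bug.
    `flows` are (src_ip, dst_ip, dst_port) tuples as a sensor would see them."""
    return [f for f in flows if f[2] not in allowed_ports]
```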
