Firewall:

A firewall is a filtering
device which protects the network from external attacks by enforcing network
security policies. The firewalls follow deny by default/allow by exception
rule. The exceptions have information about what to allow and what to deny. The
ones that are not matched with any of the rules are denied by default.

Weaknesses and Limitations of the Firewalls:

Not an Authentication System:

A Firewall is designed to
filter the network traffic. It cannot check for logon credentials, biometric scans
etc., as these are the key functions of authentication service which is hosted
on a network server.

Cannot see contents of Encrypted traffic:

A firewall does not have
the ability to see the contents of encrypted traffic. So, the security policy
has to be designed in such a way that the contents of the network traffic would
be checked before it enters the firewall i.e., encryption will be removed or
filtering non-encrypted traffic.

Not a Malicious Code Scanner:

A firewall does not scan
for malicious code. As firewalls filter based on exception rules, it would need
a lot of entries to include such a feature on firewalls. This can just be an
enhancement but we cannot completely rely on this enhancement. So, it is always
recommended to use a separate anti-malware software or scanner to scan
malicious code.

Not an Intrusion Detection System:

IDS monitor all the
network traffic and detect unauthorized activities. It also responds to these
activities. The firewalls can detect unauthorized activities only when these
enter into the firewall interfaces.

Cannot protect against social engineering: 

Social engineering is a
kind of attack which gets information from people and makes them perform few
activities resulting in a security breech. A firewall cannot protect from such
attacks.

Cannot protect against the threat posed by
removable media:

The removable media like
USB’s flash drives, email attachments, CD’s etc., can be a threat to system.
These can install malicious code or malware into the systems or network and can
also leak valuable information of an organization. Firewalls cannot protect
from any threats posed by removable media.

Firewalking:

Firewalking is one of the
limitations of firewall. It is a technique through which a firewall
configuration can be known from outside. When a hacker tries to communicate
with the internal hosts through ports it reveals the information about the open
ports as well as the ports that allow communication with the internal system.

Denial of service:

The DoS attack is a technique
where a large amount of data is sent to a target or victim. If firewall exists
at the target it can detect and defend the DoS attack. However, this would
consume the capabilities of the firewall which would prevent the legitimate
content or traffic from entering the network. Though the firewall can defend
DoS attack it still gets affected.

Internal code planting:

It is a technique where a
code is planted on internal systems which could expose the outbound connections
to malicious entities. The internal host can be compromised through this
attack.

 

Methods to manage limitations:

·      Physical access to the firewall should be
controlled.

·      Using separate authentication software rather
than combining it with the firewall.

·      Running antivirus software and other content
filtering on a different system. 

·      Configuring the firewall to support specific
needs of an organization.

·      Security rules set on the firewall should meet
the organizations security policy.

·      Using Stateful Inspection Firewalls as they can
detect Firewalking and Internal code planting.

·      Using Upstream filtering as it prevents from DoS
flooding attack.