Limitations of Firewalls - An Overview
Installing a firewall does not by itself make your data safe; firewalls have several limitations. The fourth article in this series discussed types of firewalls, noting that firewalls work at different layers of the TCP/IP model of the Internet and the OSI model of corporate networks to secure your computer and/or network. That article also said that, for even more protection, there should be a set of rules that helps further protect your networks and computers. However, creating a set of rules is difficult unless you have knowledge of ports. Some firewalls, such as the Comodo Internet Firewall (a software firewall), make it easier to create custom rules.
For networks, it is important that all the computers are exposed to the outside world - other networks or the Internet - ONLY through a single, strong firewall.
This means that you should designate one computer as the main computer and use strong protection on it. You should not let any computer within the network connect to the outside world on its own, without connecting to the main computer first. In a client-server model, the main computer is the server. For smaller networks, use an operating system that allows you to prevent users of other computers from creating parallel connections to the Internet (e.g. dial-up connections).
After following all of the above practices, are you completely secure? The answer is a big NO. No matter how much you try, firewalls have some limitations, and attackers do try to exploit them.
Still, you can configure your firewall(s) to reduce risk by “limiting” the “limitations of Firewalls.”
Most Common Limitations of Firewalls
First and foremost among the limitations of firewalls is their architecture. Different types of firewalls work at different levels of the TCP/IP protocol stack, or sometimes of the OSI model of networks. Most firewalls work only at the topmost layers of these Internet or network models, thus offering lower security levels.
For example, a firewall operating at the application level of the TCP/IP protocol stack will check the data pattern and application signature to determine whether the packet is safe. If it finds that the application is on a list of trusted programs (the trusted programs list of your operating system or firewall, or a list of previously allowed applications), the firewall lets the data packet into the computer or network.
This is easy to exploit if any bot or hacker is observing the data packet patterns. It becomes easy for the hacker to create fake packets containing a “trusted source IP” to hack your computer/network.
You can overcome such limitations of firewalls by creating an additional set of rules that compels the firewall to scan the data packets in even more depth, perhaps at a different network layer. However, you need some expertise in the network models to create such rules.
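The forged-source problem and the extra rules described above can be seen side by side in the following added example, which is not part of the original article. It assumes a constructed topology (a LAN of 192.168.1.0/24 behind an interface called lan0, the Internet on wan0) and compares a rule that trusts the source IP alone with one that also checks the arrival interface and the destination port.

```python
import ipaddress
from dataclasses import dataclass

# Assumed topology for this example: the LAN is 192.168.1.0/24 behind "lan0",
# the Internet side is "wan0". All names and addresses are constructed.
LAN = ipaddress.ip_network("192.168.1.0/24")
TRUSTED_SOURCES = {ipaddress.ip_address("192.168.1.10")}
ALLOWED_PORTS = {443}

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on
    src: str        # source IP as claimed in the packet header
    dst_port: int   # destination port (transport layer)

def weak_filter(pkt: Packet) -> str:
    """Trusts the claimed source address and nothing else."""
    if ipaddress.ip_address(pkt.src) in TRUSTED_SOURCES:
        return "ACCEPT"
    return "DROP"

def layered_filter(pkt: Packet) -> str:
    """Adds checks at other layers before the source address is trusted."""
    src = ipaddress.ip_address(pkt.src)
    # Anti-spoofing: a LAN address can never legitimately arrive from the WAN.
    if pkt.iface == "wan0" and src in LAN:
        return "DROP"
    # Transport-layer check: trusted hosts may only reach allowed ports.
    if src in TRUSTED_SOURCES and pkt.dst_port in ALLOWED_PORTS:
        return "ACCEPT"
    return "DROP"

# Constructed sample traffic: (description, packet)
SAMPLES = [
    ("genuine LAN host", Packet("lan0", "192.168.1.10", 443)),
    ("forged source from WAN", Packet("wan0", "192.168.1.10", 443)),
    ("trusted host, unexpected port", Packet("lan0", "192.168.1.10", 23)),
    ("unknown Internet host", Packet("wan0", "203.0.113.7", 443)),
]

def compare():
    """Return (description, weak verdict, layered verdict) per sample."""
    return [(d, weak_filter(p), layered_filter(p)) for d, p in SAMPLES]

if __name__ == "__main__":
    for desc, weak, layered in compare():
        print(f"{desc:32} weak={weak:6} layered={layered}")
```

The second and third samples are the ones to watch: the address-only rule accepts both, while the layered rule drops them.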
The second major limitation of firewalls is the configuration of the network. If the network is not configured properly, the firewall can do nothing. If there is a lapse in network design, any firewall will fail, no matter how much you spend on network safety. This can be controlled by involving experienced network designers and by preventing other computers from setting up a parallel Internet connection such as a dial-up connection. If anything needs to be installed, install it through the main computer to overcome this limitation of firewalls.
Finally, firewalls do NOT substitute for your antivirus or antimalware. You need to install a good Internet Security suite. If you cannot afford an Internet Security suite, you can get one of the best antivirus programs and make sure it is present on each of your computers, whether or not they are on a network.
Tip: With routers and broadband modems offering firmware firewalls, you can use one of them as the primary firewall and then install ONLY one software firewall on the computer to overcome limitations of firewalls.
This post is part of the series: Types of Computer Security - How Important is a Computer Firewall
This series on types of computer security informs you about different types of security threats. It helps you deal with security threats to computers and security threats to networks. The series also discusses computer-based security systems before detailing firewalls.