You are somewhat correct. The attack vectors that are eliminated by closing ports on the firewall are:
1) Port based exploits
2) Man-in-the-middle attacks
3) Wireless attacks-as long as router or AP is protected by Steelcape
4) DNS hijacking
5) packet ip spoofing and hijacking
If TJMAXX was using a stronger password policy and was using Steelcape's protocol from the WAP or wireless router to the wireless device or to the server there would be no $6 billion dollar poster child, since their firewall would have denied the hackers attempts to access their private network.
UTM is the new buzzword for security appliances, which for the lay person is: unified threat management. As complicated as UTMs are, when sold to SMB users, as described in the article, most do not employ a full-time sys-ad and either self configure or hire a consultant. The problem is that daily business needs are dynamic and the average VP/CFO/CTO/CSO/CIO all in one will not configure all of the flags, filters, and rules to adequately protect the internal network, like accidentally placing the file server in the DMZ.
These UTM devices are marketed as the drop in fix-all plug it in and forget about it solution, and not to mention affordable for the SMB market.
UTMs are also in the Enterprise market as large companies buy smaller companies to create SOA UTMs, like Cisco buying Iron Port, and are a morphed version of VPN, IPS, Firewall, NAC, and AV rolled into one. Traditionally each device required a sys ad and now with the new SOA model only 1 person is needed to manage that 1 box. So now imagine what 4 sys ads did and there is 1 sys ad with 1 device and the many flags?
In the end the private network still gets hacked since the ports are open on the firewall and the NAC and IPS do not detect the hostile packets as the hackers have already found a way to bypass the security.
Why so complicated?
What about just closing the ports on the firewall entirely and using a basic commodity firewall? Then how is traffic going to get through like VPN? Easy. Steelcape Inc has engineered a new protocol that allows traffic to go through the closed ports on a firewall thus eliminating the primary attack vector of hackers. Set up takes only minutes and there is an added layer of security with an enterprise server that determines which zones can transact data which is similar to a VLAN.
If these SMBs used the Steelcape solution they would have kept their firewalls and had a securer network.
If they could only procure faster:
technology, personnel, etc...
The government agencies could have used more cutting edge security like NACs, IDS, and IPS appliances.
To be even more cutting edge they could have implemented the super stealthy Steelcape protocol and had all of their firewalls locked down. I came across Steelcape while looking for port scanning software and realized they are a security company.
The protocol allows packets to go through closed ports on the firewall, and the packets themselves are encrypted with 256 RSA. Another cool thing is that the packet header has a 48 bit digital signature that regenerates very few milliseconds, which would seem to eliminate any man-in-the-middle attacks or packet hijacking.
The problem is that government is so standards based by the time the implement a new security strategy, the hackers will already know how to breach it.
Slashdot Mirror
see for yourself:
http://www.steelcape.com/
You are somewhat correct. The attack vectors that are eliminated by closing ports on the firewall are:
1) Port based exploits
2) Man-in-the-middle attacks
3) Wireless attacks-as long as router or AP is protected by Steelcape
4) DNS hijacking
5) packet ip spoofing and hijacking
If TJMAXX was using a stronger password policy and was using Steelcape's protocol from the WAP or wireless router to the wireless device or to the server there would be no $6 billion dollar poster child, since their firewall would have denied the hackers attempts to access their private network.
UTM is the new buzzword for security appliances, which for the lay person is: unified threat management. As complicated as UTMs are, when sold to SMB users, as described in the article, most do not employ a full-time sys-ad and either self configure or hire a consultant. The problem is that daily business needs are dynamic and the average VP/CFO/CTO/CSO/CIO all in one will not configure all of the flags, filters, and rules to adequately protect the internal network, like accidentally placing the file server in the DMZ. These UTM devices are marketed as the drop in fix-all plug it in and forget about it solution, and not to mention affordable for the SMB market. UTMs are also in the Enterprise market as large companies buy smaller companies to create SOA UTMs, like Cisco buying Iron Port, and are a morphed version of VPN, IPS, Firewall, NAC, and AV rolled into one. Traditionally each device required a sys ad and now with the new SOA model only 1 person is needed to manage that 1 box. So now imagine what 4 sys ads did and there is 1 sys ad with 1 device and the many flags? In the end the private network still gets hacked since the ports are open on the firewall and the NAC and IPS do not detect the hostile packets as the hackers have already found a way to bypass the security. Why so complicated? What about just closing the ports on the firewall entirely and using a basic commodity firewall? Then how is traffic going to get through like VPN? Easy. Steelcape Inc has engineered a new protocol that allows traffic to go through the closed ports on a firewall thus eliminating the primary attack vector of hackers. Set up takes only minutes and there is an added layer of security with an enterprise server that determines which zones can transact data which is similar to a VLAN. If these SMBs used the Steelcape solution they would have kept their firewalls and had a securer network.
If they could only procure faster: technology, personnel, etc... The government agencies could have used more cutting edge security like NACs, IDS, and IPS appliances. To be even more cutting edge they could have implemented the super stealthy Steelcape protocol and had all of their firewalls locked down. I came across Steelcape while looking for port scanning software and realized they are a security company. The protocol allows packets to go through closed ports on the firewall, and the packets themselves are encrypted with 256 RSA. Another cool thing is that the packet header has a 48 bit digital signature that regenerates very few milliseconds, which would seem to eliminate any man-in-the-middle attacks or packet hijacking. The problem is that government is so standards based by the time the implement a new security strategy, the hackers will already know how to breach it.