Before the Firewall
Updated: Feb 25
When you look at network and data protection, it is interesting to start from where we came from. What was it like before the firewall was invented? Before we worked with firewalls, there was a time when every device had a public address; every device still has an address today, but it is usually set as a private one.
Risk existed, but no one was worried about it until hackers started to abuse their ability to enter networks and collect data. At first, there was no way to find out the source of an attack, which made avoiding potential attacks impossible.
Initially, administrators used a combination of routers and ACLs. ACL stands for Access Control List. An ACL allows a router to decide whether to allow or reject traffic depending on its origin or destination IP address. That is, at one specific moment it looks at a single packet of information, without seeing it in the context of the other packets that surround it.
This is inefficient because the ACL cannot base a decision on the packets that came before or come after. An ACL must look at every single packet, which can take up all of a router's processing power, particularly during an attack. When the ACL has a lot of traffic to process, the router becomes busy and overworked, which makes it useless.
The earliest breaches occurred in 1986 at Lawrence Livermore Labs, when Stoll saw an attack coming into the network. He set up a "honeypot" of appropriate data to draw the hacker in and then immediately trace the breach back to where it originated.
What did things look like before NAT (Network Address Translation)?
Public IP addresses were not translated to private ones. Anyone wishing to do a simple port scan or address scan on a network could retrieve information about which IP addresses were attached to which devices. For example, before NAT, it was easy to identify the specific IP address of a server that held mission-critical data for a business.
A port scan looks at what sort of traffic passes through the ports on a router. Depending on the type of traffic, different ports may be open, closed or limited. A simple port scan could tell a hacker which ports those were and whether some kind of application could be exploited. That would be the window through which an attack could occur.
ACLs applied to ports and IP addresses lay down rules that permit or deny traffic at the router. Because an ACL is stateless, it has no memory of other packets that were refused under a rule, so it makes decisions without context. ACLs aren't smart enough to identify an attack or warn about it. They're always making one-off choices, packet by packet.
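The stateless, packet-by-packet behaviour described above, as an added example (not code from the original article): a first-match ACL in Python beside a small tracker that keeps the memory of refused packets an ACL lacks, so it can warn when one source is refused on many ports. The rule set, the addresses (documentation ranges), the threshold and the names `acl_decision`, `DenyTracker` and `replay` are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed rules: (action, source network, destination network, destination port or None = any)
RULES = [
    ("permit", "0.0.0.0/0", "203.0.113.10/32", 80),
    ("permit", "0.0.0.0/0", "203.0.113.10/32", 443),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

def acl_decision(src, dst, dport, rules=RULES):
    """Stateless first-match check: the verdict depends only on this one packet."""
    for action, src_net, dst_net, port in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"  # implicit deny when no rule matches

class DenyTracker:
    """Adds the memory an ACL lacks: remembers which ports each source was refused on."""
    def __init__(self, threshold=5):
        self.threshold = threshold
        self.denied_ports = defaultdict(set)

    def observe(self, src, dst, dport):
        """Return (verdict, alert); alert is True once a source reaches the threshold."""
        verdict = acl_decision(src, dst, dport)
        if verdict == "deny":
            self.denied_ports[src].add(dport)
        return verdict, len(self.denied_ports[src]) >= self.threshold

def replay(packets, threshold=5):
    """Run packets through the tracker; return all verdicts and the sources that alerted."""
    tracker = DenyTracker(threshold)
    verdicts, alerted = [], set()
    for src, dst, dport in packets:
        verdict, alert = tracker.observe(src, dst, dport)
        verdicts.append(verdict)
        if alert:
            alerted.add(src)
    return verdicts, alerted

# Constructed traffic: one source trying seven ports (six of them closed), one ordinary web client.
SAMPLE = [("198.51.100.7", "203.0.113.10", p) for p in (21, 22, 23, 25, 80, 3389, 8080)]
SAMPLE.append(("192.0.2.44", "203.0.113.10", 443))

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The ACL returns the same "deny" for the sixth refused port as for the first; only the tracker, which keeps state across packets, can tell that the refusals come from a single source.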
Why does this matter?
The early days of network protection and computer security were an unregulated free-for-all, with no one caring about what the consequences would be. Technologies for securing mission-critical data were not proactively established. ACLs were essentially just dumb filters, far from what is needed and what we now have. Even today, many companies still underestimate the real risks they face.
Many organizations have rather simple firewall, security or policy settings. Security is very complex to configure; it is not set-it-and-forget-it. If you have not checked your protection in the last six months or a year, it is time to take a look at your network and have a discussion with your IT professional.