We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

NSS Labs Finds Most Firewalls Vulnerable to Attack

A study by NSS Labs finds a majority of firewalls from leading vendors fail at the basic task of protecting the network.

The firewall is the line of defense separating the internal network or endpoint PC from all of the malicious bad stuff "out there". A new report from NSS Labs, though, finds that a majority of network firewalls are susceptible to attack or compromise.

Imagine other safety or security measures. What if there was a 50-50 chance that the brakes on your car would fail each time you press the pedal? How dangerous would it be if there was a five out of six chance that your parachute would not open when skydiving? That is about how much protection your firewall may be providing based on the results in the NSS Labs report.

"IT organizations worldwide have relied on third-party testing and been misled," said Vik Phatak, CTO of NSS Labs. "These test results point towards the need for a much higher level of continuous testing of network firewalls to ensure they are delivering appropriate security and reliability."

We're not talking about some low-budget shareware firewalls, either. The NSS Labs study examined the stability and integrity of flagship firewalls from leading vendors: Check Point, Cisco, Fortinet, Juniper, Palo Alto Networks, SonicWALL. This list is the cream of the crop--the all-stars of network firewalls.

NSS Labs tested firewalls that have passed the standard industry certifications. These firewalls are all ICSA Labs and Common Criteria certified, yet most were found susceptible to crashing or vulnerable to attack--rendering them essentially useless for their intended purpose.

The firewall testing found:

• Half of the firewalls tested could not survive the stability tests and lacked the resiliency to remain operational.

• Virtually all of the firewalls--five out of six--were found susceptible to a TCP Split Handshake spoof attack (a.k.a. Sneak ACK attack) that can be used to circumvent the firewall.

The NSS Labs testing indicates serious issues with these top-of-the-line flagship firewall products. Despite the maturity of the firewall market, and the fact that these firewalls passed standard industry certifications, most fail at the basic function of keeping the malicious bad stuff "out there".

The full Network Firewall Comparative Group Test Report--which includes remediation guidance to improve protection--is available to NSS Labs subscribers.


IDG UK Sites

Windows 9 release date, price, features: Windows 9 beta leaked ahead of 30 September unveiling

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

The Samsung Gear VR is better than the Oculus Rift (kinda)

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...