"Firewalls are a hack and should go away." A lot of people think that, but unlike William R. Cheswick, most of them haven't coauthored the enormously successful reference book Firewalls and Internet Security: Repelling the Wily Hacker, now in its second edition (Addison-Wesley).
Ches, as he's usually called, is a happy contrarian. In the summer of 2000, just as the telecom bubble was bursting, he and several colleagues left Lucent Technologies Inc. to start up Lumeta Corp., in Somerset, N.J. Today, half the Fortune 200 and many large government agencies have hired Lumeta to probe their networks for vulnerabilities. Last month, Cheswick gave a talk entitled "My Dad's Computer, Microsoft, and the Future of Internet Security" at an Internet security conference. He spoke recently with IEEE Spectrum Senior Associate Editor Steven Cherry.
What exactly is a firewall?
It's a border guard. It stands between the city-states of the Internet. It stops every packet of data and makes sure it's okay. Ideally, a firewall lets in the good stuff and keeps out the bad. It divides the world into a good side and a bad side. One of the big issues with firewalls is that there can be problems with the good stuff as well. Firewalls won't be going away anytime soon, by the way. It just would be good if they eventually could.
What are some of the problems with the good side?
Look, there are three parts to this. We have users, computers, and the communication links between them. There have been problems here and there, but by and large, the server at, say, your bank, is pretty secure. It's run by professionals who know what they're doing. They mostly get this right.
Then there's the communications link. There, we're protected by SSL [Secure Socket Layer] technology and related standards, based on cryptography that's been pretty good. A lot of people didn't notice, but in 2003 the U.S. National Security Agency said that the standards that underlie online encryption, when properly implemented--although that can be hard--are suitable for Type 1 encryption.
That's what's approved for top-secret U.S. government communications. So the communications link is pretty secure.
What we have left is the client computer and the bozo at its keyboard. And you can't fix the bozo at the keyboard.
But we can fix the client computer? For most people, that means fixing the Microsoft Windows operating system.
Right. Microsoft gets a lot of grief, but it has made some real progress. I think Bill Gates gets it now. The latest set of patches, Service Pack 2, did a lot.
Did Service Pack 2 do enough?
Look, it's like going to the dentist for the first time in 20 years. It's going to take more than a couple of visits.
We like to do security by design, build security in from the start. Microsoft is trying to do that with the next version of Windows. For this version, it's too late. They're trying to clean the Augean stables. Microsoft has a long way to go.
But they're working on it. Which brings us back to the bozo at the keyboard.
Right. And you'll never fix that.
But we can do some things to reduce risk.
For one thing, we need better ways for people to prove they're who they say they are--so only you can log into your bank account on the Web, for example. One thing is a physical key, such as a USB device. Everyone should have one of these, and they should have to type in a PIN to use it. That would establish who's at the keyboard. It would be inconvenient, but we do it with cars.
You also advocate what are called thinner clients. What are those?
The first thing I do with a new machine is throw away functionality. You shouldn't be susceptible to bugs in software that might give an attacker a window to break into your computer if you don't use that software.
That means discarding programs or turning off some built-in services.
Right. The average user has no idea what some of the stuff on his computer is or what it does. It's all under the hood. For example, I looked at my dad's computer a while ago, and it was running a network time server. Now, by default, Microsoft machines use network time; they go check a time server once a week and make sure the computer has the right time. That's a good thing. But my dad was running a time server himself! He was providing this as a service to other computers. He had no idea. "Best block is not be there." That's a quote from the movie The Karate Kid. Peace of mind comes from staying out of the battle altogether.