BOX 3.1

What Firewalls and Antivirus Products Protect Against

Firewalls—whether implemented in hardware or software—filter network traffic: they block malicious or unwanted traffic before it reaches protected resources, or admit only traffic that is explicitly authorized (e.g., from specific network addresses or to specific ports). Antivirus products scan files or whole file systems for known viruses and other malicious code, matching file contents against a frequently updated virus definition (signature) file; detection therefore lags behind whatever the definition file does not yet describe.
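The following added example (not code from the report) shows how definition-file scanning works in miniature: a small list of signatures of three kinds (exact byte pattern, whole-file hash, and byte regex) is matched against a constructed set of in-memory files. The EICAR test string is the real, harmless industry-standard test file and is assembled from two halves so that the source file itself does not trip a scanner; every other definition, file path and file content is constructed for the example, and the three-tuple definition format is an assumption, not any vendor's real layout. Note the `dropper-v2.exe` case: appending a single byte defeats the hash-only signature, which is why practitioners treat hash signatures as the weakest form of detection.

```python
import hashlib
import re

# The EICAR test string, split in two so the scanner on the machine running
# this file does not quarantine the source; concatenated it is byte-exact.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed "definition file". Real vendors ship many thousands of entries
# and update them frequently; the (name, kind, value) layout is an assumption.
DEFINITIONS = [
    # "bytes": exact byte pattern anywhere in the file
    ("EICAR-Test-File", "bytes", EICAR),
    # "sha256": whole-file digest (brittle: any change to the file breaks it)
    ("Demo.Dropper.A", "sha256", hashlib.sha256(b"MZ...demo dropper...").hexdigest()),
    # "regex": case-insensitive byte regex for a behavioural pattern
    ("Demo.Script.Agent", "regex",
     rb"powershell(\.exe)?\s+-enc(odedcommand)?\s+[A-Za-z0-9+/=]{20,}"),
]


def scan_bytes(data: bytes, definitions=DEFINITIONS) -> list[str]:
    """Return the names of every definition that matches `data`."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    for name, kind, value in definitions:
        if kind == "sha256" and digest == value:
            hits.append(name)
        elif kind == "bytes" and value in data:
            hits.append(name)
        elif kind == "regex" and re.search(value, data, re.IGNORECASE):
            hits.append(name)
    return hits


def scan_files(files: dict[str, bytes], definitions=DEFINITIONS) -> dict[str, list[str]]:
    """Scan an in-memory 'file system' (path -> contents); report matches per path."""
    return {path: scan_bytes(data, definitions) for path, data in files.items()}


# Constructed sample files standing in for a file system; none is real malware.
SAMPLE_FILES = {
    "/home/user/eicar.com": EICAR,
    "/home/user/report.txt": b"Quarterly numbers attached.",
    "/home/user/dropper.exe": b"MZ...demo dropper...",
    # Same payload with one byte appended: the whole-file hash no longer matches,
    # so a hash-only signature misses this trivially modified variant.
    "/home/user/dropper-v2.exe": b"MZ...demo dropper...\x00",
    "/home/user/run.bat": b"PowerShell -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
}

if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        print(f"{path}: {hits or 'clean'}")
```

Running the block reports the EICAR file, the original dropper and the encoded-command batch file as detections, and reports the one-byte variant as clean: that gap is the reason definition files must be updated constantly and why pattern and behavioural signatures are preferred over plain hashes.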

Below is a short list of some of the threats and attack types that firewalls and antivirus products attempt to address:

  • Worms. Both firewalls and antivirus products can be used to identify and slow (or halt) the propagation of computer worms, which, unlike viruses, spread on their own across a network once released rather than waiting for a user to open an infected file.

  • Viruses. Antivirus products can scan for and remove viruses obtained by opening infected e-mail attachments or by other means, and can often repair the files those viruses have damaged.

  • Trojans. Antivirus products can identify and remove Trojan horse software (i.e., malicious software that masquerades as legitimate software), while firewalls can be used to spot and prevent network traffic associated with Trojan horse software.

  • Vulnerability scans. Firewalls can prevent automated port-scanning tools outside the firewall from discovering open ports on (or otherwise learning about) potentially vulnerable machines behind it, provided the firewall denies traffic by default and exposes only the ports that must be reachable.

  • Denial-of-service attacks. Firewalls can often assist in mitigating denial-of-service attacks by blocking traffic from offending network addresses, although this helps less when the attack traffic comes from many distributed or spoofed sources.

  • Insider misbehavior. Firewalls are often used to block specific kinds of network traffic (or requests) from those inside the firewall as well—for example, by not allowing traffic over specific ports used by applications deemed inappropriate for a given setting (e.g., P2P file-sharing applications in an office setting) or by blocking access to specific Web sites that an organization has deemed inappropriate for a given setting.
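The list above describes four firewall behaviours: blocking offending addresses, hiding ports from outside scanners, allowing only authorized traffic in, and blocking selected traffic from the inside out. The added example below (not code from the report) models all four with a stateless packet filter: an ordered rule list with first-match-wins and default-deny semantics, a simulated outside port scan that shows what an attacker can learn, and a counter that picks out flooding sources for a deny rule. The addresses come from the RFC 5737 documentation ranges and the hosts, port choices and the packet/rule layout are constructed for illustration; a real firewall would also track connection state and rate-limit rather than work packet by packet.

```python
from collections import Counter
from dataclasses import dataclass
from functools import lru_cache
from ipaddress import ip_address, ip_network


@lru_cache(maxsize=None)
def _net(cidr: str):
    """Parse a CIDR (or bare host address) once; scans call this thousands of times."""
    return ip_network(cidr)


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = from outside toward protected hosts, "out" = leaving them
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "in", "out", or "any"
    src: str = "0.0.0.0/0"   # CIDR; a bare address means that single host
    dst: str = "0.0.0.0/0"
    dports: tuple = ()       # empty means any destination port
    proto: str = "any"

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ip_address(p.src) in _net(self.src)
                and ip_address(p.dst) in _net(self.dst)
                and (not self.dports or p.dport in self.dports)
                and self.proto in ("any", p.proto))


def decide(rules, p: Packet) -> str:
    """First matching rule wins; anything no rule mentions is denied (default deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Constructed network: RFC 5737 documentation ranges stand in for real addresses.
PROTECTED = "192.0.2.0/24"        # the network behind the firewall
ADMIN_NET = "198.51.100.0/24"     # where administrators connect from
WEB_SERVER = "192.0.2.10"
BANNED_SITE = "203.0.113.200"     # a site the organization has deemed inappropriate

RULES = [
    # Denial-of-service mitigation: drop everything from an address flagged as offending.
    Rule("deny", "in", src="203.0.113.77"),
    # The public web server may be reached on HTTP/HTTPS only.
    Rule("allow", "in", dst=WEB_SERVER, dports=(80, 443)),
    # SSH to any protected host, but only from the admin network.
    Rule("allow", "in", src=ADMIN_NET, dst=PROTECTED, dports=(22,)),
    # Insider policy: no outbound traffic on BitTorrent's default port range.
    Rule("deny", "out", src=PROTECTED, dports=tuple(range(6881, 6890))),
    # Insider policy: no access to the banned site on any port.
    Rule("deny", "out", src=PROTECTED, dst=BANNED_SITE),
    # Everything else may leave.
    Rule("allow", "out", src=PROTECTED),
]


def port_scan(rules, scanner: str, target: str, ports=range(1, 1025)) -> list:
    """What an outside port scanner learns: the ports whose probes the firewall passes."""
    return [p for p in ports if decide(rules, Packet("in", scanner, target, p)) == "allow"]


def offending_sources(packets, threshold: int) -> list:
    """Inbound sources sending more than `threshold` packets in the sample window;
    these are the candidates for a deny rule like the first entry of RULES."""
    counts = Counter(p.src for p in packets if p.direction == "in")
    return sorted(a for a, n in counts.items() if n > threshold)


if __name__ == "__main__":
    print("web server seen from outside:", port_scan(RULES, "203.0.113.5", WEB_SERVER))
    print("workstation seen from outside:", port_scan(RULES, "203.0.113.5", "192.0.2.20"))
    print("workstation seen from admin net:", port_scan(RULES, "198.51.100.3", "192.0.2.20"))
    print("workstation -> BitTorrent port:",
          decide(RULES, Packet("out", "192.0.2.20", "198.51.100.9", 6881)))
    print("workstation -> banned site:",
          decide(RULES, Packet("out", "192.0.2.20", BANNED_SITE, 443)))
```

The outside scan of the web server reveals only ports 80 and 443, the scan of an ordinary workstation reveals nothing, and the same workstation is visible on port 22 only from the admin network: that is the "hiding potentially vulnerable machines" effect of default deny. The egress rules deny the BitTorrent port and the banned site while letting other outbound traffic through, which is the insider-policy case; note that the rule order matters, since the allow-all-out rule would override the two denies if it came first.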

the good guys find them or in response as the bad guys find them). Moreover, end users often do not avail themselves of known cybersecurity technologies and practices that could significantly improve their individual resistance to cyberattack of various kinds. For example, they often do not install patches to systems that could close known security holes in their design, implementation, or configuration. Vendors of IT products and services often do not use technologies and development practices that could reduce the number of security vulnerabilities embedded in them. For example, they do not use known technologies that might prevent the buffer overflows that continue to account for roughly half of all

Copyright © National Academy of Sciences. All rights reserved.