Firewalls don’t make good movie stars

You’ve probably seen all manner of movies where the “hackers” are bypassing firewalls and security systems, and talking about it at the same time, whilst they endeavour to infiltrate heavily defended government and commercial systems.

In Swordfish, Hugh Jackman’s character (Stanley) gets busy in front of some impressive looking computer screens to hack past government firewalls – basically guessing passwords and bypassing some “secure” systems.

Harrison Ford is the security chief of a bank in Firewall. He’s designed a state of the art security system and firewall to protect the bank from fraud and infiltration but is then forced to hack through this system by a group of psychopathic thieves who hold his family to ransom for $100M.

Watch any of the Mission Impossible movies and there’s sure to be firewall hacking and password cracking which looks simply amazing – if only it were real! Even some of the latest James Bond movies feature some fairly spectacular firewall hacking scenes.

And who can forget Sandra Bullock in The Net where she discovers a secret backdoor in a game (Mozart’s Ghost) which can be used to change or erase the personal information of people stored in all manner of government and institutional computer systems. The fact she discovered this on a Macintosh portable computer, using a 3.5” diskette and dial-up modem connection seems to not matter in terms of this “virus” getting past firewalls and into global systems.

The point here is the movie makers like to make firewalls and security systems look like they are systems that actively present you with an opportunity to hack past them (some movies even indicate the characters are hacking past multiple firewall systems), sometimes with just a username and password prompt, present screens full of information once they are bypassed, and allow malicious software to be left behind to facilitate continued penetration of systems.

They make these firewalls look like great movie characters with screen presence but also flaws – perhaps to make them relatable to us humans?

The real truth is firewalls, real firewalls, are nothing like this. A real firewall is not a good movie character, particularly when it’s been setup and installed correctly. A real firewall will not present an FBI branded login screen just waiting for you to break in.

A Good Firewall is not Like a movie star #1

Nor should a properly secured system give you the ability to login from anywhere other than a properly authorised and secured location.

A Good Firewall is not Like a movie star #2

It’s also highly unlikely you’ll get to a login screen and be told what type of encryption is being used.

A Good Firewall is not Like a movie star #3

A real firewall won’t give away its presence where it’s been properly configured – it’s an extra in the movie that shies away from the camera, quietly monitoring the traffic and only springing to action when something “bad” is trying to be done – kind of like Batman quietly watching Gotham City from the roof tops.

A Good Firewall is not Like a movie star #4

If you’re on the outside of the network trying to get in, it shouldn’t give away its identity – it will just give the silent treatment. If you’re on the inside of the network trying to get out then you might get to see its face but it won’t be wearing any makeup in order to look nice under the hot camera lights. You’ll simply be told “no go” and possibly a reason why.

A Good Firewall is not Like a movie star #5

Many people look at the device that provides the connection from their internal network to the Internet and call that their firewall. This is often, sadly, incorrect. Many environments only have a router, which is a poor understudy for the firewall – even those routers that promote the fact they have a Stateful Packet Inspection (SPI) firewall (these aren’t real firewalls!).

A router is a bit like a bouncer outside a venue, simply controlling who can go in without applying any real intelligence to the process (apologies to any bouncers who are reading this!). They can stop someone moving through the doorway but that’s about it.

A real firewall is more like airport security on steroids – checking every person and bag that goes into the secure zone but also checking everything that goes out. Every person is scanned and frisked, every bag examined and also measured to make sure it meets strict size restrictions. And it does this without slowing things down – it’s efficient, thorough, unobtrusive and unbending to any form of flattery or bribery.

So why is this necessary? A firewall is there to not only protect a system from the hackers on the outside, it’s also there to protect the residents on the inside from hurting themselves when they click on links in emails that could be malicious, to stop potentially damaging attachments to email messages from getting in, to prevent people going to websites that could be compromised (the website itself has been hacked and has therefore become dangerous), inappropriate (adult content, illicit drugs, violence, distasteful or anything to do with Collingwood Football Club) or is a source of illegal content (for example illegal downloading of music, movies or books).

The good firewall will be told by the movie director and producers where it’s to stand, how to move, and what to say and will then do so but without stealing the spotlight. It’s not the star of the movie, and it doesn’t want to be. A good firewall is more like Bruce Willis’ character in Unbreakable – the reluctant hero operating in the quiet without fanfare.

Next time you’re watching a movie or TV show, and the characters start talking about breaking through the firewall, hacking the system, decrypting the Matrix or launching some other kind of cyber-attack, know that what they’re doing is nothing at all like real life.

And if you’re concerned about your own systems, if they’re secure from the outside in, or the inside out, and how you can be sure that you have the right level of protection, the best time to take action is now – before the villains hear “roll camera” and get started on their next major scene.

Contact Calvert Technologies for more information – particularly if you don’t want to be the unwilling victim in the next cyber-hacking blockbuster.

Calvert Technologies