Rrlangly,
You’ve certainly placed a great question on our forums.
There is definitely a major misunderstanding in the IT industry that by installing and configuring a Firewall, the company and its network infrastructure are well protected.
What people do not understand is that a Firewall is nothing more than a smart device that is configured to allow traffic to pass or not. If it’s a stateful firewall, it will also have the ability to track connections, making it much harder to hijack sessions, and have the ability to dynamically open ports.
The truth is that most successful hacking attempts to major sites are not because the Firewall failed to protect the company, but because the webservers and applications running on them were vulnerable to attacks. Hackers found various exploits and used them to gain unauthorized access to the web servers. From there, hackers usually use the vulnerable and exploited servers as ‘stepping stones’ in order to get access to the internal network. From there on, it’s usually a piece of cake to get access to resources and sensitive information.
An extremely good example is a recent article I wrote here on Firewall.cx, which analyses the implications of unsecure webservers and websites for businesses: www.firewall.cx/general-topics-reviews/s...tions-companies.html
In this article, you’ll read about real facts where large worldwide corporations have been hit by hackers who exploited vulnerable servers, bypassing firewalls as if they were never in place. We are talking about millions of accounts compromised and extremely sensitive information being accessed and distributed by hackers.
The market was well aware of these issues, which is why Intrusion Prevention Systems (IPS) / Intrusion Detection Systems (IDS) started making their appearance in the market. These devices, when set up correctly, examine packets and traffic flow at a much higher level within the OSI model, as opposed to Firewalls, so they are capable of detecting various attacks/exploit attempts which would otherwise seem like valid traffic to Firewalls.
Coming to your question of whether a talented organization is able to penetrate a properly configured firewall, I’d answer that it depends on what’s running behind the firewall. If the target is a web server or some other device which the Firewall is configured to port-forward traffic to, then I’d answer ‘yes’ – it’s most likely that they will find some exploit and expose it – the Firewall is still doing its job, but it’s unable to distinguish exploit attempts from normal user traffic!
Hope this helps.
Chris.
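
The distinction drawn in the post above, as an added example that is not part of the original post: a stateful firewall decides on addresses, ports and connection state, so every request to a forwarded web port gets the same verdict, while an IPS-style check on the request itself can tell them apart. The addresses, the rule set, the two signatures and the sample requests are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed policy: the firewall port-forwards TCP/80 and TCP/443 to one web server.
WEB = "10.0.0.10"  # assumed internal address
RULES = {("tcp", WEB, 80), ("tcp", WEB, 443)}

class StatefulFirewall:
    """Layer 3/4 decision only: addresses, ports and connection state."""
    def __init__(self, rules):
        self.rules, self.conns = set(rules), set()

    def inbound(self, proto, src, sport, dst, dport, syn=False):
        key = (proto, src, sport, dst, dport)
        if key in self.conns:                 # packet belongs to a tracked session
            return "allow"
        if syn and (proto, dst, dport) in self.rules:
            self.conns.add(key)               # new session to a permitted service
            return "allow"
        return "drop"                         # no rule, or no matching state

# Two simple, hypothetical signatures standing in for an IPS rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I),
}

def inspect_http(payload: bytes):
    """Layer 7 check: decode the request target and match it against signatures."""
    parts = payload.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return ["malformed-request-line"]
    target = unquote_plus(parts[1])
    return [name for name, rx in SIGNATURES.items() if rx.search(target)]

# Constructed sample requests, all sent to the forwarded port 80.
SAMPLES = {
    "normal":    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "traversal": b"GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "sqli":      b"GET /item?id=1%27+OR+%271%27%3D%271 HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

def evaluate():
    fw, out = StatefulFirewall(RULES), {}
    for i, (name, payload) in enumerate(SAMPLES.items()):
        verdict = fw.inbound("tcp", "203.0.113.7", 40000 + i, WEB, 80, syn=True)
        out[name] = (verdict, inspect_http(payload) if verdict == "allow" else [])
    out["ssh"] = (fw.inbound("tcp", "203.0.113.7", 40100, WEB, 22, syn=True), [])
    return out
```

All three web requests receive the same firewall verdict; only the payload inspection separates them, and the connection to port 22, which has no rule, is dropped.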