A: No. Firewall products are very useful for controlling what comes into or goes out of a network. But a firewall is like a computer (in many cases, a firewall is a specialized computer); it does only what the person who configures it tells it to do.
Firewalls can recognize and stop some types of attacks, but certain attacks exploit the characteristics of the protocols commonly used for legitimate network communications, and a packet might appear to be nothing more than a benign bit of data destined for a computer on the internal network. Trojans, viruses, and worms piggyback into the network as e-mail attachments or through remote file sharing.
Firewalls won't catch them, but a good antivirus program, frequently updated and set to scan all incoming e-mail, might be able to. Many companies seem to operate under the assumption that installing a firewall is akin to invoking a magic spell that casts a force field of protection around their networks, rendering them completely immune to attack.
Even the best firewall won't protect against social engineering attacks, nor will it do any good against internal attackers who have physical access to the network. Studies have shown that a large number of network-related crimes are actually inside jobs. Be sure to read Chapter 3, where we discuss how firewalls work, so that you understand why they are not the cure-all solution to network security that they're sometimes made out to be.
Q: I think I understand the differences between a virus, a Trojan, and a worm. But what are all these other types of viruses I hear about: stealth viruses, polymorphic viruses, armored viruses, and cavity viruses?
A: Stealth viruses are able to conceal the changes they make to files, boot records, and the like from antivirus programs. They do so by forging the results of a program's attempt to read the infected files. A polymorphic virus makes copies of itself to spread, like other viruses, but the copies are not exactly like the original.
The virus morphs into something slightly different in an effort to avoid detection by antivirus software that might not have definitions for all the variations. Viruses can use a mutation engine to create these variations on themselves. An armored virus uses a technique that makes it difficult to understand the virus code. A cavity virus is able to overwrite part of the infected (host) file while not increasing the length of the file, which would be a tip-off that a virus had infected the file.
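An added example (not from the book) of why file length alone is a weak integrity check against the cavity technique described above: it records size and SHA-256 for constructed sample files, then shows that a same-length overwrite passes a size comparison but fails the hash comparison. The function names and the sample bytes are assumptions made for illustration.

```python
import hashlib

def snapshot(files):
    """Record (size, SHA-256) for each file; `files` maps name -> bytes."""
    return {name: (len(data), hashlib.sha256(data).hexdigest())
            for name, data in files.items()}

def compare(baseline, files):
    """Classify each baselined file against its current content."""
    current = snapshot(files)
    report = {}
    for name, (size, digest) in baseline.items():
        if name not in current:
            report[name] = "missing"
        elif current[name][0] != size:
            report[name] = "size changed"
        elif current[name][1] != digest:
            # A length-only check would have reported this file as clean.
            report[name] = "same size, content changed"
        else:
            report[name] = "unchanged"
    return report

def demo():
    # Constructed sample data: a fake "program" with a run of zero padding.
    host = b"HDR" + b"code-section" + b"\x00" * 32 + b"data-section"
    files = {"app.bin": host,
             "tool.bin": b"HDR" + b"other" * 4,
             "lib.bin": b"HDR-lib"}
    baseline = snapshot(files)
    # Simulate an in-place overwrite of the padding: the length is identical.
    files["app.bin"] = host.replace(b"\x00" * 32, b"X" * 32)
    # Simulate an ordinary append, which a length check alone would notice.
    files["tool.bin"] += b"appended"
    return compare(baseline, files)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Because a stealth virus forges the results of reads, as described above, a comparison like this is only as reliable as the reads it performs, so it is best run from a known-clean environment.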