Bigger isn’t better in security: Flaws in the Great Firewall of China

As you likely know, China filters Internet traffic coming into their country.  There is some content that they do not want their citizens viewing so they block it.  We refer to this system as the “Great Firewall of China” but it is not just one firewall.  It is a massive system of Internet filtering devices at various points where the Chinese networks interface with the networks of other countries.
Computer experts from the University of Cambridge were able to breach the “Great Firewall of China” and also have found a way to use the firewall to launch DoS (Denial of Service) attacks.
The firewall was tested by sending data packets containing the word “Falun” to it. This word is a reference to the Falun Gong religious group, which is banned in China. By using forged packets, they were able to circumvent the firewall’s filters.
Furthermore, the Chinese firewall can also be used to launch denial-of-service attacks. The system can essentially be turned around on the Chinese government. Sites could be blocked that the Chinese government wants people to see and others could be let in.
This should be a lesson to us all.  Every system can be broken with enough effort and sometimes systems can be turned on their masters to perform malicious actions like Denial of Service.  In this case, the researchers did not exploit this functionality but if attackers found a similar vulnerability in the firewall at your organization, do you think they would leave it alone?
The first thing to do to combat this issue is to gain awareness of the issue.  Conduct vulnerability scans on your equipment and keeps systems and network devices up to date with the latest firmware, application updates, or operating system patches.  These updates often fix vulnerabilities in software but other vulnerabilities are caused by configuration errors and these can be identified with a vulnerability scan.  You can perform the scan yourself using open source tools such as OpenVAS or you can hire a security company to do the work for you.

About The Author

Eric Vanderburg

Eric Vanderburg is an author, thought leader, and consultant. He serves as the Vice President of Cybersecurity at TCDI and Vice Chairman of the board at TechMin. He is best known for his insight on cybersecurity, privacy, data protection, and storage. Eric is a continual learner who has earned over 40 technology and security certifications. He has a strong desire to share technology insights with the community. Eric is the author of several books and he frequently writes articles for magazines, journals, and other publications.

Leave a Reply