The futility of common firewall policies: an experimental demonstration.

Abstract Many healthcare organizations utilize network "firewalls" to protect their networks from being accessed by unauthorized external entities. These same firewalls are also often configured to deny access to certain external services from within the internal network. The latter policy can be subverted through a "protocol tunneling" strategy, which has been implemented as a set of programs called "Firehole." Organizations should be aware of this potential weakness in their network security designs. Policies that deny external services to users should be carefully evaluated in light of clearly defined organizational goals.