Firewall Wizards mailing list archives

Forrester Research foresees death of firewalls


From: "SMITH, Michael @Ottawa" <msmith () shl com>
Date: Tue, 15 Jun 1999 10:05:07 -0600

Forrester has written a report called "Turning Security On Its Head."  The
basic premise is that "Access denial can't be the rule anymore; it must
become the exception.  Forrester calls this new approach Inverted
Security.... By empowering businesses to make more information available to
a wider audience, Inverted Security will facilitate more compelling Web
sites and higher value extranets, thus improving return on security
technology."  What follows are some selected excerpts that deal with
firewalls and may be of interest to this list.

In a section titled "Today's Approach To Security Is Flawed," Forrester
says, "An emphasis on locking everything down has caused most firms to
invest almost exclusively in perimeter security like firewalls.  As a result
of this restrictive approach, many firms are oblivious to new technologies
like application security middleware that enable easy access to corporate
systems.  These companies miss the eCommerce boat as more progressive
competitors seek alternative ways to open up the back-end."

The proposed rules of Inverted Security are: foster openness, shun
complexity, share responsibility, and emphasize accountability.  On this
last point, the report notes, "Real-world business relationships are built
on trust backed by accountability, not prevention."

Expanding on the notion of sharing responsibility, the report says,
"Deploying firewalls to deny bad connections, inspect content, authenticate
users, and encrypt traffic will result in network traffic grinding to a
halt.  Instead, distribute protection throughout the enterprise using
routers, Web servers, and application servers.  Unite these components
through hooks to x.509 certificates, LDAP directories, and policy management
systems like Axent's Enterprise Security Manager."

Finally, in a sort of footnote to the article, there is a small paragraph
titled "Firewalls are overblown."  "According to Jeff Schiller, security
area director for the Internet Engineering Task Force, 'Firewalls have set
the security industry back years.  Not only are many firewalls riddled with
holes, but they assume that there is a perimeter at the edge of the company,
which just isn't true for the virtual corporation.'  Firewalls aren't all
that bad -- they have provided a stopgap measure for initial Internet
security problems.  However, we concur with Shiller [sic] that firewalls are
no panacea.  But before they get ripped out entirely, firewalls will
continue in their roles as enforcement points."

J. Michael Smith
Senior IT Security Consultant
EDS Systemhouse
613-236-6604 ext. 1646


