Firewall Wizards mailing list archives
Forrester Research foresees death of firewalls
From: "SMITH, Michael @Ottawa" <msmith () shl com>
Date: Tue, 15 Jun 1999 10:05:07 -0600
Forrester has written a report called "Turning Security On Its Head." The basic premise is that "Access denial can't be the rule anymore; it must become the exception. Forrester calls this new approach Inverted Security.... By empowering businesses to make more information available to a wider audience, Inverted Security will facilitate more compelling Web sites and higher value extranets, thus improving return on security technology." What follows are some selected excerpts that deal with firewalls and may be of interest to this list. In a section titled "Today's Approach To Security Is Flawed," Forrester says, "An emphasis on locking everything down has caused most firms to invest almost exclusively in perimeter security like firewalls. As a result of this restrictive approach, many firms are oblivious to new technologies like application security middleware that enable easy access to corporate systems. These companies miss the eCommerce boat as more progressive competitors seek alternative ways to open up the back-end." The proposed rules of Inverted Security are: foster openness, shun complexity, share responsibility, and emphasize accountability. On this last point, the report notes, "Real-world business relationships are built on trust backed by accountability, not prevention." Expanding on the notion of sharing responsibility, the report says, "Deploying firewalls to deny bad connections, inspect content, authenticate users, and encrypt traffic will result in network traffic grinding to a halt. Instead, distribute protection throughout the enterprise using routers, Web servers, and application servers. Unite these components through hooks to x.509 certificates, LDAP directories, and policy management systems like Axent's Enterprise Security Manager." Finally, in a sort of footnote to the article, there is a small paragraph titled "Firewalls are overblown." "According to Jeff Schiller, security area director for the Internet Engineering Task Force, 'Firewalls have set the security industry back years. Not only are many firewalls riddled with holes, but they assume that there is a perimeter at the edge of the company, which just isn't true for the virtual corporation.' Firewalls aren't all that bad -- they have provided a stopgap measure for initial Internet security problems. However, we concur with Shiller [sic] that firewalls are no panacea. But before they get ripped out entirely, firewalls will continue in their roles as enforcement points." J. Michael Smith Senior IT Security Consultant EDS Systemhouse 613-236-6604 ext. 1646
Current thread:
- Forrester Research foresees death of firewalls SMITH, Michael @Ottawa (Jun 15)
- Re: Forrester Research foresees death of firewalls Rama Kant (Jun 15)
- Re: Forrester Research foresees death of firewalls Rick Smith (Jun 16)
- Re: Forrester Research foresees death of firewalls Technical Incursion Countermeasures (Jun 16)
- Re: Forrester Research foresees death of firewalls Tim Kramer (Jun 16)
- Re: Forrester Research foresees death of firewalls Adam Shostack (Jun 20)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 20)
- Re: Forrester Research foresees death of firewalls Adam Shostack (Jun 21)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 20)
- Re: Forrester Research foresees death of firewalls Kevin T. Shivers (Jun 20)
- Re: Forrester Research foresees death of firewalls Paul D. Robertson (Jun 20)
- Re: Forrester Research foresees death of firewalls Joseph S D Yao (Jun 21)
(Thread continues...)
- Re: Forrester Research foresees death of firewalls Rama Kant (Jun 15)