Firewall Wizards mailing list archives
Re: Forrester Research foresees death of firewalls
From: "Tim Kramer" <tkramer () irt net>
Date: Wed, 16 Jun 1999 05:04:03 +0000
Forrester seems to have taken an idealistic view of what network security (in their view) should be. Uh, hmm.... This means:

1) My employer is supposed to share its computing resources with anyone that wants it? (e-mail services, address book, corporate phone book, software we wrote, software we bought, etc)
2) Everyone in the world will suddenly become trustworthy and be nice to each other? (no more disgruntled employees, virus authors, hackers, crackers, spies, thieves, etc)
3a) I'm due for a lobotomy? (That's the only way I'll start trusting strangers who appear at my outer interface.) (I only provide one service to the outside world and it's not for general use. It's also routed to a separate Class C.)
3b) My son (and my neighbor's sons) won't see the light of day until his (their) eighteenth birthday?

Alternate question: (possible extra credit) Describe the average hacker on the Internet. (extra-extra credit if you can do it in two words)

Upon close inspection of the below, I take exception to:

1) "shared responsibility" - if someone changes/damages resources on my network, I want to be able to focus on the SOLE person responsible.
2) "Real world business relationships are built on trust backed by accountability" We're talking about capitalism here, right? What school of business is teaching THAT paradigm? I seem to remember that businesses compete with one another. If the guy down the street is selling the same product as I am, I'm supposed to let him know how I can sell the product 10% cheaper than he can?
3) "not prevention" - I'm not supposed to put the burglar alarm in my store just to be sure that the guy (in 2 above) doesn't break into my store to find out that same information without my permission?
4) "inspect content" - I think that last week was a prime example why we should inspect content that comes off the Internet. ExploreZip sounds like a very nasty virus to have loose on your internal network.
5) "foster openness, shun complexity" in one paragraph, "hooks to x.509 certificates, LDAP directories, and policy management" in the next paragraph. What is THIS, some sort of oxymoron? I guess it's easy as long as you don't have to administer LDAP and certificate servers. Also, what is meant by the phrase "policy management"? If I have a policy I'd like implemented on my network, I'm not supposed to make it easy on myself by having a single point on the network where I can enforce that policy? (Before you respond, remember, this IS one of the things that a firewall does.)

I think that Forrester has gotten just a little too abstract in their thinking. Somewhat like saying that law enforcement is a bad thing as it intrudes on many of our freedoms and people often get hurt by law enforcement officers. So we should do away with laws, be nice to each other, and share our belongings (after we've written our name on them so that we know who owns them when it comes time to fix them).

Is Forrester actively involved in any form of computer security? Do they have any valid basis for such a Luddite-type of view of network security? Anyone?

I read this as a type of "information-wants-to-be-free", "remember-the-good-old-days-when-you-could-trust-strangers" rhetoric. It borders on being offensive. (Sorry. Flame me if you want.)

Tim Kramer
tlk () irt net

"SMITH, Michael @Ottawa" wrote:
<snip>
The proposed rules of Inverted Security are: foster openness, shun complexity, share responsibility, and emphasize accountability. On this last point, the report notes, "Real-world business relationships are built on trust backed by accountability, not prevention." Expanding on the notion of sharing responsibility, the report says, "Deploying firewalls to deny bad connections, inspect content, authenticate users, and encrypt traffic will result in network traffic grinding to a halt. Instead, distribute protection throughout the enterprise using routers, Web servers, and application servers. Unite these components through hooks to x.509 certificates, LDAP directories, and policy management systems like Axent's Enterprise Security Manager."
<snip>