Re: Forrester Research foresees death of firewalls

["Kevin T. Shivers" <kts () clark net>]

WARNING:  This rant comes from an 18 year old recent high school graduate,
so take what I say with a grain of salt.  Oh, and feel free to send
graduation cards and money to.... (just joking :) )

On Tue, 15 Jun 1999, SMITH, Michael @Ottawa wrote:

> Forrester has written a report called "Turning Security On Its Head."  The

God I hope my higher-ups don't see this.

> of this restrictive approach, many firms are oblivious to new technologies
> like application security middleware that enable easy access to corporate
> systems.  These companies miss the eCommerce boat as more progressive
> competitors seek alternative ways to open up the back-end."

OK, forgive my daftness, but why would an e-commerce site need to have
"easy access to corporate systems"?  I would think that e-commerce systems
would be fairly self contained and could all be placed in front of the
firewall or in the DMZ.  I would think that most of the commerce
related systems (web server, inventory, payment and order systems, etc.) 
of big e-commerce sites like amazon.com would be this way and the rest of
the systems (corporate, accounting, IT, what have you) would be well
protected behind a firewall or two.

> Expanding on the notion of sharing responsibility, the report says,
> "Deploying firewalls to deny bad connections, inspect content, authenticate
> users, and encrypt traffic will result in network traffic grinding to a
> halt.  Instead, distribute protection throughout the enterprise using
> routers, Web servers, and application servers.  Unite these components
> through hooks to x.509 certificates, LDAP directories, and policy management
> systems like Axent's Enterprise Security Manager."

I don't know about you all, but my network operates just fine with my
firewall doing everything listed above and more.  

I'd also like to know where Forrester grows their money off of trees since
my funds certainly are limited.  I agree with people who say that
firewalls are not enough and that more measures are needed, but a firewall
protecting the front gate seems to be a good start, and is a lot cheaper
and a lot less time consuming than tryng to secure everything in the
entire enterprise.

I'd also like to know how they fit 50 hours into a day to accomplish the
feats needed to unite everything like this together. :)

> that bad -- they have provided a stopgap measure for initial Internet
> security problems.  However, we concur with Shiller [sic] that firewalls are
> no panacea.  But before they get ripped out entirely, firewalls will
> continue in their roles as enforcement points."

I don't think that firewalls will ever go away, as many other people on
this list have stated.  A firewall is part of a strong security backbone
that a company connected to the internet needs to have.  Or at least that
is what has been pounded into my head my countless people, articles,
posting, books, etc.  Just call me a product of peer pressure. :)

kts

--
Kevin T. Shivers                 NT & UNIX Systems Mutiliator
Shivers Consulting               http://www.clark.net/pub/kts
kts () clark net

My words are just that: mine.  They do not represent the words of my
employers or clients.