Firewall Wizards mailing list archives
Re: Forrester Research foresees death of firewalls
From: David LeBlanc <dleblanc () mindspring com>
Date: Sun, 20 Jun 1999 12:21:09 -0700
At 10:42 PM 6/16/99 -0400, Adam Shostack wrote:
Firewalls enter into the picture only as a perimiter tool; you ensure data only gets in on two or three points. The real security will need to be on the servers. Lets stop trying to pretend firewalls are anything more than a stopgap.
I can't agree that firewalls are only a stopgap. I do agree that it is a tremendous fallacy to think that because you have a firewall, your network is now secure. IMO, there are a lot of components to properly securing a network, especially a very large one. I wouldn't want to try and secure an enterprise network without a firewall - I _might_ be able to secure a half-dozen machines against the full extent of what is thrown at me from the internet without one, but when you start to talk about tens of thousands of machines, then thinking that you can implement host-based security is, IMNSHO, ridiculous. Perhaps I can lock down my really important machines (and should, as most compromises are from the inside), but we all know that one can often leverage a compromise of an unimportant machine to compromise others. I would no more consider not securing the perimiter any more than I would consider leaving the locks off my doors at home. That's only the first step - I also need to educate my users, establish a policy of what is acceptable, and find ways to enforce that policy. I also need some way to monitor the network, both on the wire and host-based - remember that you'll NEVER get all the hordes of end-users all locked down as you'd like, except in the most restrictive and security-conscious environments, so you need some way to verify what you've got out there, what problems it might have, and in a large network some way to manage all that data. Take away any one component of securing the network, and you're going to have problems - we need all of this in place. David LeBlanc dleblanc () mindspring com
Current thread:
- Forrester Research foresees death of firewalls SMITH, Michael @Ottawa (Jun 15)
- Re: Forrester Research foresees death of firewalls Rama Kant (Jun 15)
- Re: Forrester Research foresees death of firewalls Rick Smith (Jun 16)
- Re: Forrester Research foresees death of firewalls Technical Incursion Countermeasures (Jun 16)
- Re: Forrester Research foresees death of firewalls Tim Kramer (Jun 16)
- Re: Forrester Research foresees death of firewalls Adam Shostack (Jun 20)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 20)
- Re: Forrester Research foresees death of firewalls Adam Shostack (Jun 21)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 20)
- Re: Forrester Research foresees death of firewalls Kevin T. Shivers (Jun 20)
- Re: Forrester Research foresees death of firewalls Paul D. Robertson (Jun 20)
- Re: Forrester Research foresees death of firewalls Joseph S D Yao (Jun 21)
- <Possible follow-ups>
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 16)
- Re: Forrester Research foresees death of firewalls Robert Graham (Jun 20)
- Re: Forrester Research foresees death of firewalls Bennett Todd (Jun 21)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 21)
- Re: Forrester Research foresees death of firewalls Bennett Todd (Jun 21)
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 20)
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 21)
(Thread continues...)
- Re: Forrester Research foresees death of firewalls Rama Kant (Jun 15)