Firewall Wizards mailing list archives

Re: DISA eliminating firewalls

From: "Young,Greg" <Greg.Young () gartner com>
Date: Sat, 6 Jul 2013 18:33:26 +0000

BYOD doesn't mean give up on the network edge and firewalls.  And a more complex Internet edge doesn't mean your data 
center doesn't need protecting from the outside and the WAN: just the opposite.  This is why the increase in defence in 
depth.  As long as end points are not all  vulnerability free and all managed we can't exclusively rely on host 
security.  And firewalls aren't the silver bullet, but they can sure narrow the aperture for attacks.

This is a similar discussion to the ones a few years ago around the Jericho Forum.  Anyone up for hanging their data 
server off the inet?  Have an updated CV if you do.

I think that article speaks more to the frustrations around data security really.  Data security and network security 
aren't exclusive though.



On 2013-07-06, at 12:11 PM, "Crispin Cowan" <crispin () crispincowan com<mailto:crispin () crispincowan com>> wrote:

“What will happen when firewalls go away?” is a very good question, i don’t have that answer. I simply assert that 
firewalls will go away, because they will become irrelevant. They are already barely relevant because of mobile 
devices. The threatscape is ignoring your firewall and walking straight through the front door attached to each 
individual worker in the form of a smart phone or a tablet. Not only do the users use them any way they want while away 
from the office, most of these devices are dual-homed to your network and a cellular network plumped right to the 
internet.

It is neither my choice nor my wish that firewalls will go away, merely an inevitable consequence of pervasive mobile 
computing in the enterprise.

Sent from Windows Mail

From: Tim Harris
Sent: ‎Saturday‎, ‎July‎ ‎6‎, ‎2013 ‎8‎:‎11‎ ‎AM
To: Firewall Wizards Security Mailing List

I don’t disagree with your comment about the crunchy outside/gooey middle but If firewalls are to go away, what will 
happen to the function they perform?  Are we going to discard the entire function of coarse filtering?  It has been 
amply demonstrated that the individual device is not currently capable of adequately defending itself.

Going back to my other comment about many points of administration, is there a software package or system that can/will 
reduce it down to a manageable problem?  Is there a “meta-admin” system out there or under development?

From: firewall-wizards-bounces () listserv icsalabs com<mailto:firewall-wizards-bounces () listserv icsalabs com> 
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Crispin Cowan
Sent: Friday, July 05, 2013 12:04 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DISA eliminating firewalls

Firewalls are virtually guaranteed to disappear. The writing was on the wall the first time “crunchy outside, gooey 
middle” was uttered. Smart phones and tablets dig the hole deeper, and BYOD is the nail in the coffin.

You cannot protect your networks in a world full of smart phones and tablets, owned by consumers, which must be allowed 
to connect to the network. The only thing you can do at that point is to stop trusting the network, and instead trust 
individual nodes, and use encrypted channels (IPsec, SSL, whatever) between nodes that trust each other.

When this will happen is far less clear, and it may be that DISA is a bit premature here. But this is coming, get used 
to it.

Sent from Windows Mail


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com<mailto:firewall-wizards () listserv icsalabs com>
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

________________________________

This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may 
contain information that is confidential or legally protected. If you are not the intended recipient or have received 
this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. 
Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner 
makes no warranty that this e-mail is error or virus free.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: DISA eliminating firewalls, (continued)
- Re: DISA eliminating firewalls Árpád Magosányi (Jul 04)
  - Re: DISA eliminating firewalls André Lima (Jul 04)
    - Re: DISA eliminating firewalls Tim Harris (Jul 05)
    - Re: DISA eliminating firewalls Patrick M. Hausen (Jul 06)
    - Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls Bennett Todd (Jul 05)
- Re: DISA eliminating firewalls Crispin Cowan (Jul 05)
  - Re: DISA eliminating firewalls Claudio Telmon (Jul 06)
  - Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls Crispin Cowan (Jul 06)
  - Re: DISA eliminating firewalls Young,Greg (Jul 06)
  - Re: DISA eliminating firewalls kent (Jul 08)
    - Re: DISA eliminating firewalls James Wright (Jul 11)
    - Re: DISA eliminating firewalls Gumennik, Mark J. (Jul 14)