Firewall Wizards mailing list archives
Re: DISA eliminating firewalls
From: "Young,Greg" <Greg.Young () gartner com>
Date: Sat, 6 Jul 2013 18:33:26 +0000
BYOD doesn't mean give up on the network edge and firewalls. And a more complex Internet edge doesn't mean your data center doesn't need protecting from the outside and the WAN: just the opposite. This is why the increase in defence in depth. As long as end points are not all vulnerability free and all managed we can't exclusively rely on host security. And firewalls aren't the silver bullet, but they can sure narrow the aperture for attacks. This is a similar discussion to the ones a few years ago around the Jericho Forum. Anyone up for hanging their data server off the inet? Have an updated CV if you do. I think that article speaks more to the frustrations around data security really. Data security and network security aren't exclusive though. On 2013-07-06, at 12:11 PM, "Crispin Cowan" <crispin () crispincowan com<mailto:crispin () crispincowan com>> wrote: “What will happen when firewalls go away?” is a very good question, i don’t have that answer. I simply assert that firewalls will go away, because they will become irrelevant. They are already barely relevant because of mobile devices. The threatscape is ignoring your firewall and walking straight through the front door attached to each individual worker in the form of a smart phone or a tablet. Not only do the users use them any way they want while away from the office, most of these devices are dual-homed to your network and a cellular network plumped right to the internet. It is neither my choice nor my wish that firewalls will go away, merely an inevitable consequence of pervasive mobile computing in the enterprise. Sent from Windows Mail From: Tim Harris Sent: Saturday, July 6, 2013 8:11 AM To: Firewall Wizards Security Mailing List I don’t disagree with your comment about the crunchy outside/gooey middle but If firewalls are to go away, what will happen to the function they perform? Are we going to discard the entire function of coarse filtering? It has been amply demonstrated that the individual device is not currently capable of adequately defending itself. Going back to my other comment about many points of administration, is there a software package or system that can/will reduce it down to a manageable problem? Is there a “meta-admin” system out there or under development? From: firewall-wizards-bounces () listserv icsalabs com<mailto:firewall-wizards-bounces () listserv icsalabs com> [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Crispin Cowan Sent: Friday, July 05, 2013 12:04 PM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] DISA eliminating firewalls Firewalls are virtually guaranteed to disappear. The writing was on the wall the first time “crunchy outside, gooey middle” was uttered. Smart phones and tablets dig the hole deeper, and BYOD is the nail in the coffin. You cannot protect your networks in a world full of smart phones and tablets, owned by consumers, which must be allowed to connect to the network. The only thing you can do at that point is to stop trusting the network, and instead trust individual nodes, and use encrypted channels (IPsec, SSL, whatever) between nodes that trust each other. When this will happen is far less clear, and it may be that DISA is a bit premature here. But this is coming, get used to it. Sent from Windows Mail _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com<mailto:firewall-wizards () listserv icsalabs com> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards ________________________________ This e-mail message, including any attachments, is for the sole use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Gartner makes no warranty that this e-mail is error or virus free.
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: DISA eliminating firewalls, (continued)
- Re: DISA eliminating firewalls Árpád Magosányi (Jul 04)
- Re: DISA eliminating firewalls André Lima (Jul 04)
- Re: DISA eliminating firewalls Tim Harris (Jul 05)
- Re: DISA eliminating firewalls Patrick M. Hausen (Jul 06)
- Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls André Lima (Jul 04)
- Re: DISA eliminating firewalls Árpád Magosányi (Jul 04)
- Re: DISA eliminating firewalls Claudio Telmon (Jul 06)
- Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls Young,Greg (Jul 06)
- Re: DISA eliminating firewalls kent (Jul 08)
- Re: DISA eliminating firewalls James Wright (Jul 11)
- Re: DISA eliminating firewalls Gumennik, Mark J. (Jul 14)