Firewall Wizards mailing list archives
Re: Forrester Research foresees death of firewalls
From: Rama Kant <kant () adeptech com>
Date: Tue, 15 Jun 1999 20:51:48 -0400
I have a copy of this report. This is a general "management" type of document. This document *reiterates* some of the basic security principles but turns others upside down, e.g., "allow unless explicitly denied" as opposed to "Deny unless explicitly allowed". This dictum itself from Forrester report writers shows the naivety of this report. It assumes that all threats are known, existent and non-existent ones. Is it really possible to know the whole universe of threats?

Other dictums from this report, namely, Proactive and Accountability are not new at all. These security guidelines are followed for any sensible security implementation. This report sounds more like the "Revenge of the Users". I would like to see Forrester follow this approach in their security implementations.

No respectable security professional will claim firewall to be a panacea, yet this so-called new approach is portrayed as the security panacea. For example, one of the claimed impacts of the "Inverted Security" is that Encryption export controls will get wiped out!

Rama Kant
Adeptech Systems, Inc.

At 10:05 AM 6/15/99 -0600, SMITH, Michael @Ottawa wrote:
Forrester has written a report called "Turning Security On Its Head." The basic premise is that "Access denial can't be the rule anymore; it must become the exception. Forrester calls this new approach Inverted Security.... By empowering businesses to make more information available to a wider audience, Inverted Security will facilitate more compelling Web sites and higher value extranets, thus improving return on security technology."

What follows are some selected excerpts that deal with firewalls and may be of interest to this list.

In a section titled "Today's Approach To Security Is Flawed," Forrester says, "An emphasis on locking everything down has caused most firms to invest almost exclusively in perimeter security like firewalls. As a result of this restrictive approach, many firms are oblivious to new technologies like application security middleware that enable easy access to corporate systems. These companies miss the eCommerce boat as more progressive competitors seek alternative ways to open up the back-end."

The proposed rules of Inverted Security are: foster openness, shun complexity, share responsibility, and emphasize accountability. On this last point, the report notes, "Real-world business relationships are built on trust backed by accountability, not prevention."

Expanding on the notion of sharing responsibility, the report says, "Deploying firewalls to deny bad connections, inspect content, authenticate users, and encrypt traffic will result in network traffic grinding to a halt. Instead, distribute protection throughout the enterprise using routers, Web servers, and application servers. Unite these components through hooks to x.509 certificates, LDAP directories, and policy management systems like Axent's Enterprise Security Manager."

Finally, in a sort of footnote to the article, there is a small paragraph titled "Firewalls are overblown."
"According to Jeff Schiller, security area director for the Internet Engineering Task Force, 'Firewalls have set the security industry back years. Not only are many firewalls riddled with holes, but they assume that there is a perimeter at the edge of the company, which just isn't true for the virtual corporation.' Firewalls aren't all that bad -- they have provided a stopgap measure for initial Internet security problems. However, we concur with Shiller [sic] that firewalls are no panacea. But before they get ripped out entirely, firewalls will continue in their roles as enforcement points."

J. Michael Smith
Senior IT Security Consultant
EDS Systemhouse
613-236-6604 ext. 1646