Firewall Wizards mailing list archives

Re: Forrester Research foresees death of firewalls


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 21 Jun 1999 11:33:39 -0400 (EDT)

OK, forgive my daftness, but why would an e-commerce site need to have
"easy access to corporate systems"?  I would think that e-commerce systems
would be fairly self-contained and could all be placed in front of the
firewall or in the DMZ.  I would think that most of the commerce
related systems (web server, inventory, payment and order systems, etc.) 
of big e-commerce sites like amazon.com would be this way and the rest of
the systems (corporate, accounting, IT, what have you) would be well
protected behind a firewall or two.

They probably still don't teach Ec or Business [real business vs typing
and using word processors] in high schools.  I avoided such classes in
college, myself; but was tricked into one because it was labelled
"Software Engineering".  Most instructive.  ;-)

Selling does not occur in a vacuum.  The output has to go to
Production, Delivery, Inventory, Manufacturing, even [perhaps driven
by] Marketing; and then [most importantly] Billing and Accounts
Payable.  All of these are INTERNAL corporate functions, and are mostly
integral parts of the Corporate Accounting system.

The trick is to loosely couple the inside and outside, rather than
tightly couple them; but still be able to reliably authenticate
purchasers.

If your outside [e-commerce] is tightly coupled to the inside, then
anyone who subverts the web site has your entire operation by its most
sensitive parts.  If it is loosely coupled, then where is your
authentication database?  How can you verify that what's coming in is
REALLY what the customer ordered?  How can you verify that it was
really your customer?

These are hard but not intractable problems.  Some prefer the easy
answers [that ignore such questions].

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


