Re: The Death Of A Firewall

[Josh Welch <jwelch () buffalowildwings com>]

James Paterson wrote:
> http://www.securitypipeline.com/165700439
>
> Be interesting to get the communities take on this article.

"We can do that now, thanks to layer-3 data center switches that allow
for the low-cost creation of subnets. By defining simple ACLs, we
further isolate our backend servers."

Hmm, seperating machines into security specific zones and regulating the
traffic between them....nope, no firewall here.

"The servers and their respective applications sit in their own DMZ,
protected by an Application-layer firewall. We organize servers into
three tiers: The first tier consists of presentation servers such as Web
and e-mail servers--these are the only servers accessible to end users.
The second tier, made up of application and middleware servers, is in
turn only accessible to the presentation servers. Finally, the third
tier, consisting of the database servers, is only accessible to the
application and middleware servers."

Yep, the've done an excellent job at removing the old scourge to
productivity, the firewall.

"The price tag of such a hardware-intensive architecture may seem high,
but virtualization software allows us to deploy all three tiers within
the same server."

Ahh, they've virtualized it so the firewalls don't really exist.

I read this earlier and my impression then as now is that the title of
the article is horribly misleading. While they do appear to be trying to
get away from the crunchy outside chewy inside model, they are doing it
by increasing the use of security strategies that seem an awful lot like
firewalls to me. This is probably a good thing overall, but the way the
article is presented certain PHB types could get the wrong impression.

Josh
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards