Firewall Wizards mailing list archives
Re: The Death Of A Firewall
From: Josh Welch <jwelch () buffalowildwings com>
Date: Tue, 19 Jul 2005 09:07:30 -0500
James Paterson wrote:
http://www.securitypipeline.com/165700439 Be interesting to get the communities take on this article.
"We can do that now, thanks to layer-3 data center switches that allow for the low-cost creation of subnets. By defining simple ACLs, we further isolate our backend servers." Hmm, seperating machines into security specific zones and regulating the traffic between them....nope, no firewall here. "The servers and their respective applications sit in their own DMZ, protected by an Application-layer firewall. We organize servers into three tiers: The first tier consists of presentation servers such as Web and e-mail servers--these are the only servers accessible to end users. The second tier, made up of application and middleware servers, is in turn only accessible to the presentation servers. Finally, the third tier, consisting of the database servers, is only accessible to the application and middleware servers." Yep, the've done an excellent job at removing the old scourge to productivity, the firewall. "The price tag of such a hardware-intensive architecture may seem high, but virtualization software allows us to deploy all three tiers within the same server." Ahh, they've virtualized it so the firewalls don't really exist. I read this earlier and my impression then as now is that the title of the article is horribly misleading. While they do appear to be trying to get away from the crunchy outside chewy inside model, they are doing it by increasing the use of security strategies that seem an awful lot like firewalls to me. This is probably a good thing overall, but the way the article is presented certain PHB types could get the wrong impression. Josh _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- The Death Of A Firewall James Paterson (Jul 18)
- Message not available
- Re: The Death Of A Firewall Marcus J. Ranum (Jul 21)
- Message not available
- Re: The Death Of A Firewall Kerry Thompson (Jul 21)
- Re: The Death Of A Firewall Martin Hoz (Jul 21)
- Re: The Death Of A Firewall Christine Kronberg (Jul 21)
- Re: The Death Of A Firewall Devdas Bhagat (Jul 21)
- Re: The Death Of A Firewall Victor Williams (Jul 21)
- Re: The Death Of A Firewall Josh Welch (Jul 21)
- Re: The Death Of A Firewall Kevin (Jul 21)
- <Possible follow-ups>
- RE: The Death Of A Firewall bill.price (Jul 21)