Firewall Wizards mailing list archives
RE: The Death Of A Firewall
From: <bill.price () cox net>
Date: Tue, 19 Jul 2005 12:45:40 -0400
For reference, here's the article link again: http://www.securitypipeline.com/165700439

1) Life is a lot better with layer 3 switching. If you don't have that, however, it is not clear how one reaps the benefits being advocated by this article...even with the AV, tiered servers, application-layer firewalls, and PKI benefits listed. The original mind-set wasn't flawed; new technology allowed the same problems to be approached in a different fashion.

2) Not seeing any more about the company where the author worked his magic, I can only assume that his application development staff has some of the same problems that I've witnessed the last 20 years or so. That is a) they are somewhat dense regarding how to develop secure networked applications, so b) the network folks have to build security into other areas so unsafe apps play well with others.

3) It isn't clear if the new network has multiple application-layer firewalls or not. If it does, I don't see how the new network has improved much beyond network-layer firewalls. A significant protective burden (not to mention administrative burden to manage multiple systems) is still borne by firewalls. If it has only one, how true an application-layer firewall has been deployed? Email isn't ftp isn't ...

4) Clients in the clear? I can only assume the CM is better at his place of work than mine. Unless there is a complete prohibition on downloading/installing the tool du jour, I don't see how the security environment is improved. I'd also like to know a bit more about the PKI implementation: is this a single sign-on environment? How do you protect the integrity of the certificate on corporate laptops? What level of effort was required to integrate PKI (if any) into the services his network supports?

5) It looks to me that the author works for a company that forced a default allow security policy on him to support AD...he made the best of a tough situation. I bet his monitoring capability employs a bunch of new people now. :-)

My $0.02.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards