Firewall Wizards mailing list archives
Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA
From: "Magosányi Árpád" <m4gw4s () gmail com>
Date: Thu, 27 Mar 2008 07:58:11 +0100
2008/3/26, Marcus J. Ranum <mjr () ranum com>:
What you have done is rediscovered the "incoming traffic problem" - which is a primary property of firewalls that has been well-understood since the early 1990s. You're correct that many firewalls (especially the packet-oriented ones or the so-called 'stateful' ones) don't do anything useful at layer-7, and serve primarily to force traffic to an application service which needs to be tough enough to withstand direct attack specific to that service. And, yes, with things like "everything tunnelled over web services" remote procedure calls, the complete set of protocol options at layer-7 is too large to be controlled, enumerated, or understood - which means that effectively you are doomed to intermittent epic failures.
I think that the problem is a bit (yes, just a bit) more manageable than that. Although there are the complete set of protocol options is very large, with good design practices one can keep the set of actually used options small. (Well, if everything had been designed with good practices in mind, there was not need for firewalls... So the other short answer is "yes": as firewall is a bandaid solution, they are not useful anymore: you cannot do anything useful with a bandaid when the patient had his head blown off.) _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA william fitzgerald (Mar 26)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA Joe Nall (Mar 26)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA Marcus J. Ranum (Mar 26)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA william fitzgerald (Mar 26)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA Magosányi Árpád (Mar 27)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA Paul Melson (Mar 28)
- Re: Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA ArkanoiD (Mar 27)