mailing list archives
Re: DISA eliminating firewalls
From: Bennett Todd <bet () rahul net>
Date: Fri, 5 Jul 2013 11:07:34 -0400
Thanks for sharing that provocative article.
I find this peculiarly annoying. It seems to use the noun
Firewall in the belief that there's a definition that everyone agrees
Ever since the argument began between advocates of packet filters and
those who favour application-level proxies, I've been using a
definition, which I'm sure I borrowed from someone else: a system,
deployed at a network traffic choke point, to help implement that
portion of a security policy that can be expressed in terms of traffic
I'd like to hope that what the author is describing is an effort to
shift security towards the edges of the network, where both the data
and the diversity hang out.
But if the need to attempt to enforce security policy on network
traffic is still present, there's still going to be a need for a
firewall; and if it morphs into a management tool for coordinating all
the vast array of control tools on everything from phones to printers
to network attached storage to routers, I'm not terribly optimistic.
<bet () rahul net>
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
Re: DISA eliminating firewalls Bennett Todd (Jul 05)