Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: DISA eliminating firewalls
From: Claudio Telmon <claudio () telmon org>
Date: Sat, 06 Jul 2013 14:10:18 +0200

On 07/05/2013 09:03 PM, Crispin Cowan wrote:
Firewalls are virtually guaranteed to disappear. The writing was on
the wall the first time “crunchy outside, gooey middle” was uttered.
Smart phones and tablets dig the hole deeper, and BYOD is the nail in
the coffin.

So you're planning to expose the gooey inside without the crunchy
outside? We need firewalls since we have systems/devices opening ports
and generating traffic you can't manage/block on the device itself
(especially without a company-owned personal firewall ;)). Firewalls are
a second line of defense after we tried to secure the systems/devices,
and were unable to get enough assurance from that part of the process.
In all these years, we didn't manage to secure company-owned desktops,
should we expect to secure BYOD smartphones and remove firewalls?
We can design wonderful models without firewalls, then models meet the
real devices and companies and fail. Not to say that firewalls are a
perfect solution, but they do avoid a lot of problems. Of course
firewalls need to evolve and control traffic at a different level, but
that's another story. We should not adopt security models that expect a
company to do something that it will never do, and securing smartphones
(more than current PCs) is something companies will never do.

BTW, when IPSs where introduced, some people stated that they would
replace firewalls, in a more functional and effective way. While IPSs
are just "default permit" firewalls, packet filters are still there ;)

- Claudio


Claudio Telmon
claudio () telmon org
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]