Why Firewalls Are Uninteresting?
From: Árpád Magosányi <mag () magwas rulez org>
Date: Tue, 01 Jul 2014 08:02:41 +0200

Okay, here is my 5 cents for popcorn :)

One of the core tasks of network perimeter defence is to keep the
structure of the network - hence the application architecture - in
shape, and provide information flow control on the macroarchitecture
level. This is what the Red Book is about, and the Red Book is the most
thoroughly forgotten piece of knowledge in IT security if not in IT as a

If you take a look at the Red Book - I mean the concepts. Do not get
distracted by the language or little details - you will find a whole
book with the title containing network, but talking about application
macroarchitecture and infrastructures. Big mistake? No and yes. No,
because macroarchitecture is what should (have been) define(d) network
structure. Yes, because there are no more than 3 people left (4 with you
now), who know where to look at knowledge about how to build secure

So now we have network security, which should be treated at the very
first step of development - sketching macroarchitecture and enterprise
architectural guidelines -, usually treated at the last step "hey, we
have this host with some apps on it, please put it to the network
somehow", using equipment utterly unsuitable for the task (yes, stateful
packet filter vendors, I am pointing at you).

So some people went to other areas with more probability of success, the
most have died in boredom, and here we are who have left because we like
to do impossible missions with unsuitable tools.

Oh, wait, I am not even here. I do enterprise architecture, not network
security. Did I mention the Red Book yet?

firewall-wizards mailing list
firewall-wizards () listserv icsalabs com