Firewall Wizards mailing list archives

Re: Why Firewalls Are Uninteresting?
From: "Darden, Patrick" <Patrick.Darden () p66 com>
Date: Wed, 2 Jul 2014 08:58:04 -0500

Part One of the Red book (Trusted Network Interpretation):
http://csrc.nist.gov/publications/secpubs/rainbow/tg005.txt

--Patrick Darden

-----Original Message-----
From: firewall-wizards-bounces () listserv cybertrust com [mailto:firewall-wizards-bounces () listserv cybertrust com] 
On Behalf Of Árpád Magosányi
Sent: Tuesday, July 01, 2014 1:03 AM
To: firewall-wizards () listserv cybertrust com
Subject: [EXTERNAL][fw-wiz] Why Firewalls Are Uninteresting?

Okay, here is my 5 cents for popcorn :)

One of the core tasks of network perimeter defence is to keep the structure of the network - hence the application 
architecture - in shape, and provide information flow control on the macroarchitecture level. This is what the Red Book 
is about, and the Red Book is the most thoroughly forgotten piece of knowledge in IT security if not in IT as a whole.

If you take a look at the Red Book - I mean the concepts. Do not get distracted by the language or little details - you 
will find a whole book with the title containing network, but talking about application macroarchitecture and 
infrastructures. Big mistake? No and yes. No, because macroarchitecture is what should (have been) define(d) network 
structure. Yes, because there are no more than 3 people left (4 with you now), who know where to look at knowledge 
about how to build secure enterprise architecture.

So now we have network security, which should be treated at the very first step of development - sketching 
macroarchitecture and enterprise architectural guidelines -, usually treated at the last step "hey, we have this host 
with some apps on it, please put it to the network somehow", using equipment utterly unsuitable for the task (yes, 
stateful packet filter vendors, I am pointing at you).

So some people went to other areas with more probability of success, the most have died in boredom, and here we are who 
have left because we like to do impossible missions with unsuitable tools.

Oh, wait, I am not even here. I do enterprise architecture, not network security. Did I mention the Red Book yet?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

