Firewall Wizards mailing list archives

Re: The Death Of A Firewall


From: Christine Kronberg <Christine_Kronberg () genua de>
Date: Thu, 21 Jul 2005 16:54:08 +0200 (CEST)

On Mon, 18 Jul 2005, Martin Hoz wrote:
> On 7/9/05, James Paterson <jpaterson () datamirror com> wrote:
>> http://www.securitypipeline.com/165700439
>>
>> Be interesting to get the community's take on this article.
>
> I'd like to raise a couple of things:
> A) the article says "By defining simple ACLs, we further isolate our
> backend servers" - I ask, is not an ACL a firewall after all? - Packet
> filter, but I think it fits in the definition of a firewall.

  I disagree. A firewall is far more than a simple packet filter.
  There is a whole concept to fulfil.

> So, this makes me think the author still thinks that some form of
> firewall still has some use in the network, AFA I can tell.
>
> B) "The servers and their respective applications sit in their own
> DMZ, protected by an Application-layer firewall". So, an application
> firewall still has some uses too...

  Yes, definitely. :-)

> I find the article interesting but contradictory... because, if the
> firewall is dead, how come there are still good uses to it?

  Perhaps because "a" firewall is not "the" firewall? I, too, think
  that there are several points open for discussion. I like the idea
  of thinking the internal clients as not safe and putting them on the
  same stage as the external clients.
  There was something said about that "secure OS" ... and then ADS was
  mentioned. I wonder how that is supposed to work together. Also that
  part about middleware. Most middleware implementations I'm aware of
  are a nightmare for security.

  Yet, that article gave room for thinking and rethinking.

  Have fun,


                                                    Chris Kronberg.


--
GeNUA