Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: DISA eliminating firewalls (Claudio Telmon)
2. Re: DISA eliminating firewalls (Tim Harris)
----------------------------------------------------------------------
Message: 1
Date: Sat, 06 Jul 2013 14:10:18 +0200
From: Claudio Telmon <claudio@telmon.org>
Subject: Re: [fw-wiz] DISA eliminating firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <51D8092A.7090204@telmon.org>
Content-Type: text/plain; charset=windows-1252
On 07/05/2013 09:03 PM, Crispin Cowan wrote:
> Firewalls are virtually guaranteed to disappear. The writing was on
> the wall the first time "crunchy outside, gooey middle" was uttered.
> Smart phones and tablets dig the hole deeper, and BYOD is the nail in
> the coffin.
So you're planning to expose the gooey inside without the crunchy
outside? We need firewalls since we have systems/devices opening ports
and generating traffic you can't manage/block on the device itself
(especially without a company-owned personal firewall ;)). Firewalls are
a second line of defense after we tried to secure the systems/devices,
and were unable to get enough assurance from that part of the process.
In all these years, we didn't manage to secure company-owned desktops,
should we expect to secure BYOD smartphones and remove firewalls?
We can design wonderful models without firewalls, then models meet the
real devices and companies and fail. Not to say that firewalls are a
perfect solution, but they do avoid a lot of problems. Of course
firewalls need to evolve and control traffic at a different level, but
that's another story. We should not adopt security models that expect a
company to do something that it will never do, and securing smartphones
(more than current PCs) is something companies will never do.
BTW, when IPSs were introduced, some people stated that they would
replace firewalls, in a more functional and effective way. While IPSs
are just "default permit" firewalls, packet filters are still there ;)
- Claudio
--
Claudio Telmon
claudio@telmon.org
http://www.telmon.org
------------------------------
Message: 2
Date: Fri, 5 Jul 2013 18:03:23 -0700
From: Tim Harris <tim@fbnservices.us>
Subject: Re: [fw-wiz] DISA eliminating firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<E8A5605884B22D4BBCD12F82692732585BC0D5D14F@FBN.fbnservices.us>
Content-Type: text/plain; charset="utf-8"
I don't disagree with your comment about the crunchy outside/gooey middle but if firewalls are to go away, what will happen to the function they perform? Are we going to discard the entire function of coarse filtering? It has been amply demonstrated that the individual device is not currently capable of adequately defending itself.
Going back to my other comment about many points of administration, is there a software package or system that can/will reduce it down to a manageable problem? Is there a "meta-admin" system out there or under development?
From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of Crispin Cowan
Sent: Friday, July 05, 2013 12:04 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] DISA eliminating firewalls
Firewalls are virtually guaranteed to disappear. The writing was on the wall the first time "crunchy outside, gooey middle" was uttered. Smart phones and tablets dig the hole deeper, and BYOD is the nail in the coffin.
You cannot protect your networks in a world full of smart phones and tablets, owned by consumers, which must be allowed to connect to the network. The only thing you can do at that point is to stop trusting the network, and instead trust individual nodes, and use encrypted channels (IPsec, SSL, whatever) between nodes that trust each other.
When this will happen is far less clear, and it may be that DISA is a bit premature here. But this is coming, get used to it.
------------------------------
End of firewall-wizards Digest, Vol 66, Issue 4
***********************************************