Monday, July 15, 2013

firewall-wizards Digest, Vol 66, Issue 8


Today's Topics:

1. Re: DISA eliminating firewalls (Gumennik, Mark J.)


----------------------------------------------------------------------

Message: 1
Date: Fri, 12 Jul 2013 14:26:04 +0000
From: "Gumennik, Mark J." <mgumennik@mitre.org>
Subject: Re: [fw-wiz] DISA eliminating firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Cc: "firewall-wizards@listserv.cybertrust.com"
<firewall-wizards@listserv.cybertrust.com>
Message-ID:
<158ACD5E364C204A83FBC2B5DC130E441F0693EA@IMCMBX04.MITRE.ORG>
Content-Type: text/plain; charset="us-ascii"

Take into consideration that DISA is a very large ISP and a huge bureaucracy. Firewall going away from ISP? - What else is new? Big Bosses discussing things they don't understand with authority? - what else is new?
DISA has been trying to implement it ever since the AF installed a similar infrastructure, which led to even more firewall implementations due to segregation of functional networks (see the thread - Wi-Fi, phones, etc. need their own firewalled sub-netting if you properly designed your networks).
Firewalls are evolving into more and more complex devices, incorporating IDS, IPS, VPN concentrators, etc., but we still call them firewalls, whether it's a packet filter or an app proxy (all vendors actually claim nowadays that they can do both - hmmm...). Call them whatever you want, but the functionality stays. We all know that we can't fully protect our networks no matter what we do; and the best we can do is to add layers of defense, not subtract them; and the FW functionality is the main layer I can think of for a long time.
So sleep well Firewall Wizards, your job is safe and is a good one :)

-- Mark


From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of James Wright
Sent: Monday, July 08, 2013 4:14 PM
To: Firewall Wizards Security Mailing List
Cc: firewall-wizards@listserv.cybertrust.com
Subject: Re: [fw-wiz] DISA eliminating firewalls

Agreed, I also do not see them going away. While BYOD is becoming a common practice, so is network segregation, such as separate wifi networks dedicated to personal devices. Just because they need connectivity for their device does not necessarily mean that it has to be direct connectivity to internal resources and it does not mean that every employee/user needs that level of connectivity. Vendors are getting better with the device VPN products as a method of internal access, which can include an endpoint compliance scan. This can ensure the device meets local policies (like not being on the cell or other networks too, having AV (for what it's worth), or other software/features). Oftentimes the VPN options include turning off split-tunneling (forcing all data traffic through the VPN tunnel), and other proxy type options.


Regards,
James


On Sun, Jul 7, 2013 at 12:46 AM, kent <kent@songbird.com> wrote:
On 07/06/2013 08:55 AM, Crispin Cowan wrote:
> "What will happen when firewalls go away?" is a very good question, I
> don't have that answer. I simply assert that firewalls will go away,
> because they will become irrelevant. They are already barely relevant
> because of mobile devices. The threatscape is ignoring your firewall and
> walking straight through the front door attached to each individual
> worker in the form of a smart phone or a tablet. Not only do the users
> use them any way they want while away from the office, most of these
> devices are dual-homed to your network and a cellular network plumbed
> right to the internet.
>
> It is neither my choice nor my wish that firewalls will go away, merely
> an inevitable consequence of pervasive mobile computing in the enterprise.
Firewalls will be with us for a long time to come. Old threats don't
become irrelevant just because there are powerful new threats.

Kent
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 66, Issue 8
***********************************************
