Firewall Wizards mailing list archives

Re: FW: Forrester Research foresees death of firewalls


From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 22 Jun 1999 09:53:30 -0700

At 02:30 PM 6/22/99 +1000, you wrote:

> Just look at the Tacoma bridge which was supposed to be "strong enough".

It was strong enough.  Handling the loads wasn't the issue. The problem was
that the resonant frequency could be hit by high wind speeds.  You could
have built that same bridge twice as strong, and it still would have
collapsed.  OTOH, you could have redesigned so that the resonant frequency
couldn't have been hit, not changed the loading factors a bit, and it would
still be there.

> Better to design it properly from the start.

That means that you understand all the parameters from the start.  Until
then, civil engineers didn't understand wind loading very well.  Once they
understood what happened, they haven't had any recurrences that I'm aware
of.  Should have consulted some aerospace engineers, but that's another story.

You run into a similar sort of issue with aircraft wings.  As the plane
flies, the aerodynamic loading puts a twist on the wing so that the end of
the wing has a higher angle of attack than the root.  One day we worked out
the equation for just how much twist you'd get in the wing given the
structural properties and the loading.  Long, boring 45 minutes to produce
a horrible equation.  Then the prof asked us what we thought happened when
the denominator approached zero.  A hush fell over the class as we pictured
wingless planes falling out of the sky.  Took the bottom half of the
equation, set it to zero, and worked that out - we then had the equation to
predict the highest airspeed that any given aircraft could handle.  Seems
that at that point, it takes an infinitesimally small perturbation to
produce an infinitely large twist in the wing.  Note that at that point,
the _strength_ of the wing isn't really a factor - changes in strength can
move up and down the speed at which this occurs, but there is always a
speed where the wings snap like twigs - and note that it isn't practical to
build them where this can't be reached - it won't fly.

Which brings me back to security - until you understand all the parameters
and the requirements, you're not going to be able to come up with a proper
design.  And as the Tacoma Narrows bridge illustrates, occasionally
something comes along to remind you quite abruptly that you're not
omniscient and that you usually can't quite understand ALL the parameters
until you've gotten another lesson from the school of hard knocks.  We're
only just beginning to understand how to secure a computer network - most
of the tools that we use to do this job are in their infancy.
Vulnerability scanners and IDS are especially crude devices (no offense
intended to any given vendor).

Personally, I can't see where you could have a large network that didn't
utilize firewalls - I don't think you'll ever get a big network where
enough of the workstations are properly secured to allow it.  You could
possibly build a very restricted limited network that could demonstrate a
firewall-less network, but when you've got tens of thousands of users, and
admins who don't all have clues, I want to see tightly regulated
chokepoints run by someone I trust.  Also, I don't know if we'll ever see
real security at the application side - too many app vendors have trouble
building apps that work at all, much less secure apps.


David LeBlanc
dleblanc () mindspring com


