Firewall Wizards mailing list archives
Re: FW: Forrester Research foresees death of firewalls
From: David LeBlanc <dleblanc () mindspring com>
Date: Tue, 22 Jun 1999 09:53:30 -0700
At 02:30 PM 6/22/99 +1000, you wrote:
Just look at the Tecoma bridge which was supposed to be "strong enough".
It was strong enough. Handling the loads wasn't the issue. The problem was that the resonant frequency could be hit by high wind speeds. You could have built that same bridge twice as strong, and it still would have collapsed. OTOH, you could have redesigned so that the resonant frequency couldn't have been hit, not changed the loading factors a bit, and it would still be there.
Better to design it properly from the start.
That means that you understand all the parameters from the start. Until then, civil engineers didn't understand wind loading very well. Once they understood what happened, they haven't had any recurrances that I'm aware of. Should have consulted some aerospace engineers, but that's another story. You run into a similar sort of issue with aircraft wings. As the plane flies, the aerodynamic loading puts a twist on the wing so that the end of the wing has a higher angle of attack than the root. One day we worked out the equation for just how much twist you'd get in the wing given the structural properties and the loading. Long, boring 45 minutes to produce a horrible equation. Then the prof asked us what we thought happened when the denomenator approached zero. A hush fell over the class as we pictured wingless planes falling out of the sky. Took the bottom half of the equation, set it to zero, and worked that out - we then had the equation to predict the highest airspeed that any given aircraft could handle. Seems that at that point, it takes a infinitesimally small perturbation to produce an infinitely large twist in the wing. Note that at that point, the _strength_ of the wing isn't really a factor - changes in strength can move up and down the speed at which this occurs, but there is always a speed where the wings snap like twigs - and note that it isn't practical to build them where this can't be reached - it won't fly. Which brings me back to security - until you understand all the parameters and the requirements, you're not going to be able to come up with a proper design. And as the Tacoma Narrows bridge illustrates, occasionally something comes along to remind you quite abruptly that you're not omniscient and that you usually can't quite understand ALL the parameters until you've gotten another lesson from the school of hard knocks. We're only just beginning to understand how to secure a computer network - most of the tools that we use to do this job are in their infancy. Vulnerability scanners and IDS are especially crude devices (no offense intended to any given vendor). Personally, I can't see where you could have a large network that didn't utilize firewalls - I don't think you'll ever get a big network where enough of the workstations are properly secured to allow it. You could possibly build a very restricted limited network that could demonstrate a firewall-less network, but when you've got tens of thousands of users, and admins who don't all have clues, I want to see tightly regulated chokepoints run by someone I trust. Also, I don't know if we'll ever see real security at the application side - too many app vendors have trouble building apps that work at all, much less secure apps. David LeBlanc dleblanc () mindspring com
Current thread:
- RE: Forrester Research foresees death of firewalls, (continued)
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 16)
- Re: Forrester Research foresees death of firewalls Robert Graham (Jun 20)
- Re: Forrester Research foresees death of firewalls Bennett Todd (Jun 21)
- Re: Forrester Research foresees death of firewalls David LeBlanc (Jun 21)
- Re: Forrester Research foresees death of firewalls Bennett Todd (Jun 21)
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 20)
- RE: Forrester Research foresees death of firewalls sean . kelly (Jun 21)
- RE: Forrester Research foresees death of firewalls Doug Hughes (Jun 22)
- Re: Forrester Research foresees death of firewalls Stephen P. Berry (Jun 22)
- RE: Forrester Research foresees death of firewalls Doug Hughes (Jun 22)
- FW: Forrester Research foresees death of firewalls Harvey Nusz (Jun 21)
- Re: FW: Forrester Research foresees death of firewalls Darren Reed (Jun 22)
- Re: FW: Forrester Research foresees death of firewalls David LeBlanc (Jun 22)
- Re: FW: Forrester Research foresees death of firewalls Darren Reed (Jun 22)