Firewall Wizards mailing list archives
Re: DISA eliminating firewalls
From: "Gumennik, Mark J." <mgumennik () mitre org>
Date: Fri, 12 Jul 2013 14:26:04 +0000
Take into consideration that DISA is a very large ISP and a huge bureaucracy. Firewall going away from ISP? - What else is new? Big Bosses discussing things they don't understand with authority? - what else is new?

DISA has been trying to implement it ever since the AF installed a similar infrastructure, which led to even more firewall implementations due to segregation of functional networks (see the thread - Wi-Fi, phones, etc. need their own firewalled sub-netting if you properly designed your networks).

Firewalls evolving into more and more complex devices, incorporating IDS, IPS, VPN concentrators, etc. etc., but we still call them firewalls, whether it's packet filter or an app proxy (all vendors actually claim nowadays that they can do both - hmmm...). Call them whatever you want, but the functionality stays.

We all know that we can't fully protect our networks no matter what we do; and the best we can do is to add layers of defense, not subtract them; and the FW functionality is the main layer I can think of for a long time.

So sleep well Firewall Wizards, your job is safe and is a good one :)

-- Mark

From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of James Wright
Sent: Monday, July 08, 2013 4:14 PM
To: Firewall Wizards Security Mailing List
Cc: firewall-wizards () listserv cybertrust com
Subject: Re: [fw-wiz] DISA eliminating firewalls

Agreed, I also do not see them going away. While BYOD is becoming a common practice, so is network segregation, such as separate wifi networks dedicated to personal devices. Just because they need connectivity for their device does not necessarily mean that it has to be direct connectivity to internal resources and it does not mean that every employee/user needs that level of connectivity.

Vendors are getting better with the device VPN products as a method of internal access, which can include an endpoint compliance scan. This can ensure the device meets local policies (like not being on the cell or other networks too, having AV (for what it's worth), or other software/features). Often times the VPN options include turning off split-tunneling (forcing all data traffic through the VPN tunnel), and other proxy type options.

Regards,
James

On Sun, Jul 7, 2013 at 12:46 AM, kent <kent () songbird com> wrote:

On 07/06/2013 08:55 AM, Crispin Cowan wrote:
"What will happen when firewalls go away?" is a very good question, I don't have that answer. I simply assert that firewalls will go away, because they will become irrelevant. They are already barely relevant because of mobile devices. The threatscape is ignoring your firewall and walking straight through the front door attached to each individual worker in the form of a smart phone or a tablet. Not only do the users use them any way they want while away from the office, most of these devices are dual-homed to your network and a cellular network plumbed right to the internet. It is neither my choice nor my wish that firewalls will go away, merely an inevitable consequence of pervasive mobile computing in the enterprise.
Firewalls will be with us for a long time to come. Old threats don't become irrelevant just because there are powerful new threats.

Kent

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: DISA eliminating firewalls, (continued)
- Re: DISA eliminating firewalls Patrick M. Hausen (Jul 06)
- Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls Bennett Todd (Jul 05)
- Re: DISA eliminating firewalls Crispin Cowan (Jul 05)
- Re: DISA eliminating firewalls Claudio Telmon (Jul 06)
- Re: DISA eliminating firewalls Tim Harris (Jul 06)
- Re: DISA eliminating firewalls Crispin Cowan (Jul 06)
- Re: DISA eliminating firewalls Young,Greg (Jul 06)
- Re: DISA eliminating firewalls kent (Jul 08)
- Re: DISA eliminating firewalls James Wright (Jul 11)
- Re: DISA eliminating firewalls Gumennik, Mark J. (Jul 14)