Re: DISA eliminating firewalls

[Bennett Todd <bet () rahul net>]

Thanks for sharing that provocative article.

I find this peculiarly annoying. It seems to use the noun
Firewall in the belief that there's a definition that everyone agrees
on.

Ever since the argument began between advocates of packet filters and
those who favour application-level proxies, I've been using a
definition, which I'm sure I borrowed from someone else: a system,
deployed at a network traffic choke point, to help implement that
portion of a security policy that can be expressed in terms of traffic
flows.

I'd like to hope that what the author is describing is an effort to
shift security towards the edges of the network, where both the data
and the diversity hang out.

But if the need to attempt to enforce security policy on network
traffic is still present, there's still going to be a need for a
firewall; and if it morphs into a management tool for coordinating all
the vast array of control tools on everything from phones to printers
to network attached storage to routers, I'm not terribly optimistic.

-Bennett
<bet () rahul net>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards