The Death Of A Firewall
Source: Security Pipeline - Posted by Pax Dickinson   
Firewalls Three years ago, I proposed to our technology architects that we eliminate our network firewalls. Today, we're close to achieving that goal. Back then, I thought that network-based firewalls were losing their effectiveness, enabling a mind-set that was flawed. Today, I'm certain.

Perimeter security was originally intended to allow us to operate with the confidence that our information and content wouldn't be stolen or otherwise abused. Instead, the firewall has slowed down application deployment, limiting our choice of applications and increasing our stress.

To make matters worse, we constantly heard that something was safe because it was inside our network. Who thinks that the bad guys are outside the firewall and the good guys are in? A myriad of applications, from Web-based mail to IM to VoIP, can now tunnel through or bypass the firewall. At the same time, new organizational models embrace a variety of visitors, including contractors and partners, into our networks. Nevertheless, the perimeter is still seen as a defense that keeps out bad behavior. Taking that crutch away has forced us to rethink our security model.

Our new security posture gives our users access to more applications regardless of their location and without sacrificing security. The new security architecture isn't focused on our network firewall. Instead, we embed security within our internal network. This begins with separating our servers from our clients. We can do that now, thanks to layer-3 data center switches that allow for the low-cost creation of subnets. By defining simple ACLs, we further isolate our backend servers.

Read this full article at Security Pipeline

Only registered users can write comments.
Please login or register.

Powered by AkoComment!