» History Lesson

March 2nd, 2006 by Chandler Howell

1994:

“Firewalls are a stop gap measure needed because many services are developed that operate either with poor security or no security at all.”
- Cheswick & Bellovin, “Repelling the Wily Hacker”

2006:

Firewalls are still needed.
Services still generally operate with either poor security or no security at all.
Services view firewalls as impediments to be routed around, and do so quite well.

Firewalls protect the network and, to a certain extent, services by limiting the amount of undesirable traffic reaching those services. But these days, they do very little to protect actual information.

The biggest threat to information is still people. While you can certainly reduce the population of the threat, all that perimeter firewalls do is limit the scope of the threat to employees, contractors, partners, outsourcers, separated employees whose VPN access was never deprovisioned, and the family members of anyone else with VPN access.

Just a little something to think about going into the weekend.

- Posted in Security and Risk Management, Risk Management, Network Security

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


« GoToMyPC redux
Birds of a Feather »


- Leave a Reply