I think it's misleading.

The article is titled "The Death Of A Firewall". Yet, in the fourth
paragraph, "By defining simple ACLs, we further isolate our backend
servers."

The word *firewall* is just another way to say ACL. But firewall has
somehow morphed into this word meaning that some *hardware device* needs
to be sitting between us and the cruel world.

They should have titled the article "The Death of the single-function
hardware firewall appliance". Even so, I thought the content was pretty
worthless. Any administrator worth their salt knows that the firewall
is only a step in the total security of a solution. What the article
described is something that people have already been doing when building
new application networks. Until very recently, you couldn't do any
*stateful* ACLs with as many OSes or network devices. Now that has
changed for the better, I believe.

The firewall as the be-all/end-all appliance has been dead for years.
Why did we need someone to write an article that basically described
best-practices like it's some revelation?



James Paterson wrote:
> http://www.securitypipeline.com/165700439
>
> Be interesting to get the community's take on this article.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/li...rewall-wizards
>

