On Mon, 18 Jul 2005, Martin Hoz wrote:
> On 7/9/05, James Paterson wrote:
>> http://www.securitypipeline.com/165700439
>> Be interesting to get the community's take on this article.

> I'd like to raise a couple of things:
> A) the article says "By defining simple ACLs, we further isolate our
> backend servers" - I ask, is not an ACL a firewall after all? - Packet
> filter, but I think it fits in the definition of a firewall.

I disagree. A firewall is far more than a simple packet filter.
There is a whole concept to fulfil.

> So, this makes me think the author still thinks that some form of
> firewall still has some use in the network, AFA I can tell
> B) "The servers and their respective applications sit in their own
> DMZ, protected by an Application-layer firewall". So, an application
> firewall still has some uses too...

Yes, definitely. :-)

> I find the article interesting but contradictory... because, if the
> firewall is dead, how come there are still good uses to it?

Perhaps because "a" firewall is not "the" firewall? I, too, think
that there are several points open for discussion. I like the idea
of thinking of the internal clients as not safe and putting them on the
same stage as the external clients.
There was something said about that "secure OS" ... and then ADS was
mentioned. I wonder how that is supposed to work together. Also that
part about middleware. Most middleware implementations I'm aware of
are a nightmare for security.

Yet, that article gave room for thinking and rethinking.

Have fun,

Chris Kronberg.

firewall-wizards mailing list