Security without firewalls: Sensible or silly?

For years, infosec experts have called the firewall a critical ingredient to security, whether it’s in a large enterprise or on a home PC. But the San Diego Supercomputer Center (SDSC) has defied that logic with what some would consider surprising success.

Personally, I think that this is a wrong approach.

A firewall is just another device in the security design of the network. He is essentially using firewalls on all his hosts, if I am understanding the article correctly. A centrally managed firewall is going to help regardless of whether you have firewalls running on the hosts. Imagine you have someone attacking your network with a DDoS. Theoretically, this is going to be stopped at the border by your firewall. If you did not have a device to block this traffic, your LAN is now going to be flooded with traffic. In addition, each host is now going to waste processing cycles determining whether the influx of traffic is valid or not.

I will agree that an overly complex firewall setup just confuses things and becomes harder to manage. Also, there are some people out there who go crazy with their physical and logical separation of network segments. However, firewalls used in an intelligent manner are just another tool in the arsenal of the security professional against attacks. Antivirus is another such tool.

Unfortunately, most users today do not realize when they jeopardize the security of their machine. However, as security professionals, in addition to training the users not to do these things, we must provide a secure and manageable infrastructure for the users to use.

I do agree with this statement, however: “If I want to steal from a bank, I won’t try to punch through their firewall. I’ll get a job in the mailroom.” I believe that the majority of security concerns are caused by people already on the inside.
