Network Magazine just published my piece about the Death of a Firewall. It is fairly condensed and the editor, David Greenfield, did a fine job with my more verbose draft. I encourage you to send your feedback to the magazine and copy me as well (or copy to this post as a comment). This was a great experience in summarizing a topic that needs a lot more space to cover in technical detail - perhaps one day I can publish a more detailed article. I hadn't expected my family to be so excited about this accomplishment; it certainly makes me feel good.
The rest of my family is now out of state visiting relatives, which leaves me an abundance of time to... study for my GSEC recertification. Oh - the life of a geek... truly glamorous. I studied for about a month for my original tests, but this time I'll give myself three nights since I have a deadline of June 29, so my blogging may be light for a few days. Or then again...
Update:
Getting some recognition on Slashdot



Interesting article!!
Posted by: Dan | June 10, 2005 at 11:10 PM
Stu, good job!
Saar.
Posted by: Saar Drimer | June 17, 2005 at 01:03 AM
Nice work, Stu!
Posted by: Darrin Wassom | June 17, 2005 at 10:51 AM
Great article.
At the risk of being too self-serving, I have just recorded a webcast with SearchSecurity.com on the same concept but at a larger scale: the fallacy of defence in depth. The basic premise is that each layer is not at all perfect, and that the weaknesses of the interactions between the elements of each layer and between the layers cripple security. This piece makes the same point, I think, about firewalls alone, but the challenge I believe goes to most of the security systems we deploy. We tune out the IDS thanks to false positives for example. We can't patch in time but we kid ourselves that we're invulnerable. Each of these technologies is just a year or two behind where the firewall is now, and none of them - not one - address the ultimate weak link - human beings and social engineering.
A slightly broader discussion and a link to the webcast (registration required, can't change that, but you've been warned) is at http://www.openservice.com/blogs/2005/06/webcast-want-better-security-how-to.jsp
FWIW
Phil
Posted by: Phil Hollows | June 17, 2005 at 11:00 PM
You guys are trying to make me blush ;)
And thanks Phil - I took the opportunity to listen to your webcast (love the stuff at SearchSecurity and they put on a great conference) and couldn't agree with you more. I like your take at the failing of Defense In Depth. I have felt strongly that the inability to enforce security should be balanced by the ability to monitor (similar to the parking lot cameras in England). I'll try to post a comment on your blog soon.
Posted by: Stuart Berman | June 19, 2005 at 10:28 PM
Great article again, Stuart.
And great point, Phil. Related to the concept of defense-in-depth is offense-in-depth. The widespread use of either weakens the importance of firewalls, as Stuart's article aptly demonstrates.
Posted by: Dan | June 22, 2005 at 10:43 PM