Re: [fw-wiz] The Death Of A Firewall

From: Josh Welch (
Date: 07/19/05

  • Next message: Kevin: "Re: [fw-wiz] The Death Of A Firewall"
    Date: Tue, 19 Jul 2005 09:07:30 -0500

    James Paterson wrote:
    > Be interesting to get the communities take on this article.

    "We can do that now, thanks to layer-3 data center switches that allow
    for the low-cost creation of subnets. By defining simple ACLs, we
    further isolate our backend servers."

    Hmm, seperating machines into security specific zones and regulating the
    traffic between them....nope, no firewall here.

    "The servers and their respective applications sit in their own DMZ,
    protected by an Application-layer firewall. We organize servers into
    three tiers: The first tier consists of presentation servers such as Web
    and e-mail servers--these are the only servers accessible to end users.
    The second tier, made up of application and middleware servers, is in
    turn only accessible to the presentation servers. Finally, the third
    tier, consisting of the database servers, is only accessible to the
    application and middleware servers."

    Yep, the've done an excellent job at removing the old scourge to
    productivity, the firewall.

    "The price tag of such a hardware-intensive architecture may seem high,
    but virtualization software allows us to deploy all three tiers within
    the same server."

    Ahh, they've virtualized it so the firewalls don't really exist.

    I read this earlier and my impression then as now is that the title of
    the article is horribly misleading. While they do appear to be trying to
    get away from the crunchy outside chewy inside model, they are doing it
    by increasing the use of security strategies that seem an awful lot like
    firewalls to me. This is probably a good thing overall, but the way the
    article is presented certain PHB types could get the wrong impression.

    firewall-wizards mailing list

  • Next message: Kevin: "Re: [fw-wiz] The Death Of A Firewall"