Re: [fw-wiz] Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA



We definitely still need firewalls.

Yes, web services (J2EE) tunnel through HTTP, but I may have 30,000
hosts on my network. Without a firewall, how do I prevent them from
advertising services to the world, then poorly configuring those services?

And how does J2EE tunneling across HTTP have anything to do with the
above risk and the use of a firewall to mitigate it?

Joe Nall wrote:
On Mar 21, 2008, at 4:50 AM, william fitzgerald wrote:

Dear Firewall Experts,

Provocative Question:
++++++++++++++++++++
Are firewalls obsolete in a world involving enterprise Webservice SOA?

What do I mane by the above question: given that Web Services (J2EE
and
so forth) tend to tunnel through http and https (eg. SOAP) what role
can
a traditional network firewall play? (other than simply permitting
access for all, therefore rendering the firewall as an extra cog
providing no input in the overall process)

I am asking this question not to be flamed but to provoke a discussion
as to why we still need firewalls.


Well there are 65534 other ports :)

joe

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: activesync and exchange http
    ... Http users experience slow performance. ... On the SBS 2003 Server open the Server Management console. ... For the configuration of Cisco firewall, since that's third party product, ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Blocking Access to web-based email
    ... the way I do it is with one Firewall appliance and different HTTP ... you setup DHCP with reservations for their MAC and their IP is ... But you don't want the NAT device assigning the IP, ...
    (comp.security.firewalls)
  • Re: ISA 2000 Firewall Log
    ... > application requires internet access for whatever reason on a port other ... The firewall log entries appears because the traffic from the snat clients ... rejected by HTTP redirector filter should appear in firewall logs and how do ... MS ISA Server 2000 Firewall and Web Proxy log fields: ...
    (microsoft.public.isa)
  • Re: H.D. content visible on web
    ... > And this seems to be happening even with AV and software firewall on ... > come to my Website. ... You sent an HTTP request and received ...
    (comp.security.firewalls)
  • Re: VNC client/server combo doing VNC over HTTP
    ... are not putting VNC over HTTP? ... allowed by the corporate firewall are the other half... ... An SSL-Connection works this way: ... so it can´t tell if this is http in the data-stream or something else. ...
    (Debian-User)