Re: [fw-wiz] Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA



> Back in the old days, we had similar situations and they amounted to
> "block everything except incoming telnet" - well, of course you can do
> anything over telnet, just like you can over these newfangled web
> frobozzes.

I guess I'm just questioning the relevance of a comparison between now and
then. You only have security around those protocols that you control.
That's always been true. If you only implement controls for IP, TCP, UDP,
and ICMP, then that's all you get. You don't get control over your SOAP
services or Telnet. Your router won't enforce those protocol standards and
prevent things like PPP-over-Telnet or RPC-over-SOAP. It's not a question
of obsolescence, rather a question of ignorance. And frankly, I don't think
that ignorance is that widespread. Maybe I've been out of consulting too
long.

My take on William's inquiry is that it's a strawman. He basically asked,
"Are devices that control A relevant to the security of systems that do B?"
Well, duh.


> None of this should be taken (please) as an attack on you.
> It's frustration because the ideas you're expressing are bad ideas that
> many of us have fought a long rearguard action against, knowing we'd fail
> from the beginning.

You mean *epic* fail from the beginning. :-)


PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


