Re: [fw-wiz] Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Thu, 27 Mar 2008 15:31:17 -0400
Back in the old days, we had similar situations and they amounted to"block everything except
incoming telnet" - well, of course you can do anything over telnet, justlike you can over
these newfangled web frobozzes.
I guess I'm just questioning the relevance of a comparison between now and
then. You only have security around those protocols that you control.
That's always been true. If you only implement controls for IP, TCP, UDP,
and ICMP, then that's all you get. You don't get control over your SOAP
services or Telnet. Your router won't enforce those protocol standards and
prevent things like PPP-over-Telnet or RPC-over-SOAP. It's not a question
of obsolescence, rather a question of ignorance. And frankly, I don't think
that ignorance is that widespread. Maybe I've been out of consulting too
My take on William's inquiry is that it's a strawman. He basically asked,
"Are devices that control A relevant to the security of systems that do B?"
None of this should be taken (please) as an attack on you.many of us have fought > a long rearguard action against, knowing we'd fail
It's frustration because the ideas you're expressing are bad ideas that
from the beginning.
You mean *epic* fail from the beginning. :-)
firewall-wizards mailing list
- Prev by Date: Re: [fw-wiz] [Administrivia] Subscription/Unsubscription/Changes
- Next by Date: Re: [fw-wiz] wiz] Mapping drives automatically using WebVPN
- Previous by thread: Re: [fw-wiz] Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA
- Next by thread: Re: [fw-wiz] Provocative Query: Are firewalls obsolete in a world involving enterprise WebService SOA