Thu, Jul 1 2004 0:15
Death of the DMZ?
J. Wright has an interesting blog post that I'm reading from the TechEdBloggers site. It's about the death of the DMZ in ISA 2004:
“Death of the DMZ is a debate evangelised by Steve Riley which basically implies that firewalls as we know them today will not be part of the security solution of the future. The concept is that we should let networks do what they are good at, shift data from point ‘a’ to point ‘b’; security can't be controlled by a single appliance with a single method. Platforms and applications are being designed and built today to exist in a ‘hostile environment’; each node is therefore secure or secure enough. The analogy is streets: our roads are public, people can walk down the streets where we live, however each house is responsible for its own security; places of high value have better security, the standard house has standard security. Note Microsoft.com is not behind a firewall! Because no firewall exists that is capable. I can't do this subject justice but imagine this: if all your nodes on your network are secure, can authenticate to each other by domain membership, are patched, have antivirus and have a good group policy deployed, etc., do you need a corporate network? What is wrong with the biggest, most resilient network in the world (the internet)? The corporate network boundaries are becoming grey (WiFi, VPNs, extranets, etc.), the internal network is no longer trusted, so how are firewalls really helping?”
Well it's certainly in line with my rants of late that my security issues are not the fact that I have my firewall on my domain controller, it's the fact that I DON'T have good group policy deployed that is my security weakness.