Home > Cloud Computing, Networking, Security > The firewall is NOT dead!

The firewall is NOT dead!

Finally, someone makes some sense when talking about firewalls. ScottL over at Juniper has an excellent post about why firewalls are still around. Even though this is a sneaky way to talk about their new SRX Series gear; he highlights a topic which I have debated recently with security vendors: The firewall is not dead!

As Scott pointed out, the traditional “firewall” no longer exists (at least shouldn’t). Instead modern firewalls fulfill many purposes. These purposes include intrusion detection, routing, anti-virus, anti-spam, anti-malware, VPN, remediation, etc…  In fact I can’t recall working on a firewall recently that simply separated the ‘outside’ from the ‘inside’. The current firewalls I manage have multiple zones with complex routing and security rules between them.

However no matter how much is done with them one fact remains: the firewall acts as a barrier between zones. True, many of these zones no longer exist in the physical world, but are instead virtual (I resist using the term ‘cloud’ here). However at its basic function the firewall is very little different from what existed back in the 90’s.

For anyone out there looking to secure their perimeter I recommend continuing the ‘old’ methodology of using the firewall as the foundation.  Yes it is true that determine what ports to open for new applications and services can be a pain. Just remember, a slight pain in deployment is much better than an agonizing death caused by a preventable perimeter breach.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: