Great Circle Associates Firewalls
(September 1994)
 


Subject: Firewalls are not bad, just only part of the answer.
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Thu, 1 Sep 94 09:30:21 -0400
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

The problem is that we seem to forget that there is a world outside of
firewalls yet there is much, much, more. They are very good (even
a necessity) at what they do, just that is not enough.

It is partially a matter of performance, to make every possible decision
on every possible packet at FDDI or ATM rates would take a MASPAR, not
a relatively inexpensive router.

At the same time, it is not fair to blame the Internet, it also does its
job very well, it delivers the packets. The Internet is not concerned with
what is in the packet, where it came from, or why it was sent, just that it
arrives even if it takes days. That is the net's strength and the addition
or the reliance on the net for security is misplaced trust.

The answer begins with a policy definition of what is allowed and what is
not (or even if security is needed at all).

Firewalls are decision makers facing the outside and determine how much
of an organization an outsider is allowed to "see". Bastion hosts and
proxy servers do the same. If directly connected to certain machines (such 
as a mail server) then the firewall can perform packet steering also.

Once inside an Enterprise, filters perform the same function for subnets but 
in this case face in both directions, determining which packets are allowed 
to pass from the subnet to the backbone.

At the finest level active hubs can direct packets to specific machines. One
very important issue that has not been addressed is the effect on performance
and the surprising thing is that for such a distributed system, the performance
increases since unwanted packets never reach the system. Security can be
viewed as a performance enhancement!

Consider that in such a system, every node could be set in "promiscuous" 
mode since only packets for that machine will reach it. The fact
that sniffers at nodes become obsolete is just an extra added attraction.

The next step should be obvious: with an active system, single-sign-on
becomes simple as hubs/filters/firewalls are dynamically configured to the
user's needs. No longer do the firewalls have to be open to all required
traffic at all times, instead paths are dynamically created and discarded
as needed. Networks go from party lines to individual subscribers. Performance
and reliability are enhanced while security rides along for free or just
the cost of logging/alarming.

True, it takes a different way of looking at the problem and it takes moving
control of the architecture from the individual platform be it a 3090 or a PC
to the network itself. Think of it as evolution in action.

					Warmly,
						Padgett

ps thanks to all who sent headers since this made it much easier for me to
figure out by remote control what was going on. Evidently, at some point
in our system the logic was picking up what was usually (but not always)
the correct line in the header for reply. It is being checked out now. From
other reports, this does not seem uncommon in the VAX world.

