Danny writes:
> Interesting this .. is this the future as it's seen? That firewalls will become
> redundant technology ? I'd better not setup as a purely firewall consultant
> then :) Seriously, has anyone any further thoughts on this? Will firewalls
> become redundant ? And if so, how long d'you reckon it'll be before they are?
>
An intersesting point to discuss. Trying to mediate policy at the
host level is really completely unmanageable. Each host would have to
manage complete lists of every other host to which they wish to
communicate. That encourages people to open up their host to
everybody. How would a security officer determine that all 10,000
hosts at his site are correctly configured?
The notion of a "firewall" will definitely shift, but for the *better*
as time goes on. We need a mediator to determine what types of connections
are allowable. Adding better authentication at the end points makes
firewalls *more* desirable, because now a single point of entry can
enforce a policy based on better knowlege about the endpoints. Encryption,
data stream integrity, and strong authentication will definitely have
an impact on the definition of what a firewall is.
Mark Riggins
Secure Systems Engineering
AT&T Bell Labs
References:
|
|
