Barney's Blog


Firewalls Losing Their Spark?

In simpler times, a firewall (and some anti-virus software) was pretty much all you needed to protect the network. But times have changed: hackers are more devious, networks are more complex, and company insiders are more evil. In fact, you even have to keep tabs on your own IT folks, as we explained in a cover story three years ago.

This doesn't mean we should ditch firewalls; instead, we should equip them with additional layers of protection. First, get up to speed on the latest in firewall configuration -- and don't simply place firewalls at the perimeter.

After that, look for firewall technologies that protect at multiple layers of the OSI stack, including the application layer.

Posted by Doug Barney on October 01, 2009 at 10:22 AM


Reader Comments

Mon, Oct 5, 2009 Matt Fontaine Seattle, WA

What about the world without firewalls that some security architects talk about, in which authentication takes place at the level of data? Is the answer really more firewalls? I don't know, just wanted to raise the point.

Thu, Oct 1, 2009 Marc Wagner Bloomington, IN

I agree. Perimeter firewalls are NOT enough. First, every personal workstation needs a personal firewall. Then, every server needs a firewall in order to restrict traffic to only those services it is intended to provide. Finally, classes of servers need to be grouped into secure subnets based upon the sensitivity of the data stored on them. On a large network, such a topology will help protect servers from infected personal workstations which reside within the perimeter firewall. Periodic and active scanning can be used to identify and isolate personal workstations which are either vulnerable to attack or which are already infected.
