[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC == end of firewalls



Discussing firewalls, [email protected] (Simon Spero) writes:

>What do you need as well as crypto before you can remove all firewalls?

What firewalls do is they allow an independent group of people to
track external network access and enforce rules over a large
population of hosts. Given that just about any security installed on a
workstation can be overcome (inadvertently or consciously) by someone
with physical access to it, I doubt firewalls will ever go away
entirely. Today's techniques will no doubt evolve and change in varous
ways over time. But I'd be surprised if the function went away
entirely.

Until Netscape came out I suspected that desktop crypto wouldn't make
the bigtime soon, simply because there are too many ways to do it
wrong. Netscape has demonstrated that doing it wrong is no impediment
to deployment.

Organizations that want to do crypto well are probably going to
concentrate crypto services in a few closely managed hosts to reduce
the risk of messing things up.

Rick.
[email protected]         secure computing corporation