Saturday, October 28, 2006

Purpose of a firewall

Periodically, I see statements like "firewalls are useless" or "firewalls are dead". (Or IDS, or antivirus; pick your favorite security product category.) Does that mean you no longer need a firewall? Of course not. What it really means is a couple of things. One, a firewall is such an obvious requirement that it is simply a given. And two, client-side holes are exploited so frequently that firewalls are no longer considered to contribute much as a preventive measure: the exploit arrives inside a connection the client itself opened, and a firewall lets that traffic through by design.

Allow me to remind everyone what the purpose of a firewall is. A firewall exists so that you can do something risky on the protected side. That's it. You want to use Windows networking? You want to use cleartext protocols? You want to use enterprise software? (Or is that Enterprise Software.) Then you do that kind of thing behind a firewall.

If the systems, software, and protocols were hardened enough to sit on a bare Internet connection, you wouldn't need a firewall. But I've never seen a company that didn't run at least one piece of software that couldn't make that cut. So they have a firewall.
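To make both points concrete, here is a small stateful policy evaluator. It is an added example, not code from the original post: the 10.0.0.0/8 "inside" network, the allow list, and the sample packets are all constructed for illustration. It shows SMB and telnet reachable only from the protected side, a single deliberately exposed service, and the connection-table rule that waves through whatever comes back on a flow an inside client opened, which is exactly where a client-side exploit rides in.

```python
"""Added example: a default-deny, stateful perimeter policy in miniature.
Topology, allow list and traffic below are constructed, not from the post."""
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # assumed protected side
ANY = ip_network("0.0.0.0/0")

# New connections toward the protected side, and who may open them.
# SMB and telnet are the "risky things": reachable from inside only,
# never from the bare Internet.  HTTPS is the one service we expose.
INBOUND_ALLOW = {
    445: INSIDE,   # Windows networking
    23: INSIDE,    # cleartext telnet
    443: ANY,      # public web front end
}


class StatefulFirewall:
    """Default-deny filter with a connection table for inside-initiated flows."""

    def __init__(self):
        # flows opened from the inside, as (src, sport, dst, dport)
        self.established = set()

    def filter(self, src, sport, dst, dport):
        src, dst = ip_address(src), ip_address(dst)

        # 1. A reply to a flow an inside host opened is accepted on state
        #    alone, whatever its payload.  This is why a firewall does not
        #    help against a client-side exploit: the client asked for it.
        if (dst, dport, src, sport) in self.established:
            return "accept:established"

        # 2. Anything an inside host initiates toward the outside is
        #    allowed and remembered so the reply can come back.
        if src in INSIDE and dst not in INSIDE:
            self.established.add((src, sport, dst, dport))
            return "accept:outbound"

        # 3. A new connection toward the protected side must match an
        #    explicit allow entry; everything else is dropped.
        allowed_from = INBOUND_ALLOW.get(dport)
        if allowed_from is not None and src in allowed_from:
            return "accept:inbound"
        return "drop"


def scenario():
    """Run constructed sample traffic through the policy; returns decisions."""
    fw = StatefulFirewall()
    packets = [
        ("203.0.113.5", 51000, "10.0.0.20", 445),   # Internet host probing SMB
        ("10.0.0.7", 51000, "10.0.0.20", 445),      # workstation to file server
        ("203.0.113.5", 40000, "10.0.0.20", 443),   # public HTTPS service
        ("10.0.0.7", 52000, "198.51.100.9", 80),    # browser fetches a page
        ("198.51.100.9", 80, "10.0.0.7", 52000),    # the page comes back, exploit and all
        ("198.51.100.9", 80, "10.0.0.7", 52001),    # unsolicited packet, no matching state
    ]
    return [fw.filter(*p) for p in packets]


if __name__ == "__main__":
    for decision in scenario():
        print(decision)
```

The SMB probe from the Internet is dropped and the same request from a LAN workstation goes through, which is the whole value of the firewall. The page fetched by the browser is accepted on state alone; if it carries a browser exploit, the policy never sees a reason to object.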

Firewalls exist so that you can do risky things on the protected side.

